Re: super y sudo

To: debian-user-spanish@lists.debian.org
Subject: Re: super y sudo
From: Jordi <jordi@sindominio.net>
Date: Mon, 15 Nov 1999 14:10:48 +0100
Message-id: <[🔎] 19991115141048.A1248@softhome.net>
Mail-followup-to: debian-user-spanish@lists.debian.org
In-reply-to: <[🔎] 19991115122326.C548@natalia.micasa.ct>; from rsierra@mail.com on Mon, Nov 15, 1999 at 12:23:26PM +0000
References: <[🔎] 19991112171951.A4945@pierced> <[🔎] 19991115122326.C548@natalia.micasa.ct>

Hola,

On Mon, Nov 15, 1999 at 12:23:26PM +0000, Ricard Sierra wrote:
>   A mi se me ocurre utilizar super y un script donde descargues los modulos del
> ppp y llames al programa de captura de la camara. A parte puedes indicar los
> usuarios que tienen derecho a ejecutar el comando. La verdad es que super va muy
> bien para cosas como esta (montar el cdrom, hacer un halt, reboot, etc.. sin
> tener que entrar como root).

A propósito de super, sé que mucha gente usa 'sudo' para hacer esto mismo.
Yo también prefiero super, pero al grano. En la lista de seguridad unix de
kriptópolis ha llegado lo siguiente, supongo que es bueno compartirlo:

---------- Forwarded message ----------
Date: Thu, 11 Nov 1999 21:38:21 -0600 (CST)
From: Wade Maxfield <maxfield@ctelcom.net>
To: linux-security@redhat.com
Subject: [linux-security] security hole in sudo allows users full access
Resent-Date: 12 Nov 1999 08:04:16 -0000
Resent-From: linux-security@redhat.com
Resent-cc: recipient list not shown: ;

  While sudo is used to give fairly trusted users the ability to run
programs with root privs, there exists a hole in the one in the RedHat
contrib directory (sudo 1.5.9.p4) which allows a minimally trusted user to
obtain full root access and privilege.

  If a user is given the opportunity to run any program, that user can
fool sudo and obtain any level of privilege for any executable.

  Assume the user can run "/bin/treport" as listed in the sudoers file.
(The actual program name does not matter.)

  the user copies /bin/vi to ./treport (assuming the user is in a
directory in which he has write and execute priv.) the user then executes
the following line:

sudo ./treport /etc/shadow

  vi is executed with root privilege and shadow is opened. The full path
of treport is not required.  The correct path of treport is not required.

  This program should be restricted only to _very_ trusted users in the
meantime.

wade

[mod: Note that many operations that normally require "root" will
"give away" root when allowed under "sudo" with a little puzzeling.
This, however, is unforgivable..... -- REW]

--------------------------------------------------------------------

Para quien no entienda inglés, un bug en sudo permite engañarle ya que no
comprueba el path del ejecutable, así que si tienes permiso en sudoers para
ejecutar "foo", haces "cp /bin/vi ~/foo" "y luego "./foo /etc/shadow" y ale,
editando como root. No lo he comprobado, si alguien usa sudo, que lo haga y
comente.
En fin, el mensaje es alto y claro: No le des sudo a nadie del que no
confíes plenamente.

Salut,

Jordi

Attachment: pgpVGsnwbkyI5.pgp
Description: PGP signature

Reply to:

References:
- /etc/group (tribulaciones varias)
  - From: Barbwired <barbwired@bigfoot.com>
- Re: /etc/group (tribulaciones varias)
  - From: Ricard Sierra <rsierra@mail.com>

Prev by Date: Re: LOS LIBROS ELEGIDOS DE EXPOMANAGEMENT
Next by Date: Re: Freeze de Potato
Previous by thread: Re: /etc/group (tribulaciones varias)
Next by thread: Re: /etc/group (tribulaciones varias)
Index(es):
- Date
- Thread