Re: sudo security Was: Reporting missing package during install
Ralf Mardorf writes:
> http://www.paritynews.com/2013/03/05/762/sudo-authentication-bypass-vulnerability-emerges/
The attack described in the post is the kind of hijack I thought
about.
> But note! The Chaos Computer Club does publish howtos using sudo on
> Linux: http://muc.ccc.de/uberbus:ubd
>
> I don't think the Chaos Computer Club folks would write a howto using
> sudo, if sudo would be a security risk.
First of all, sudo itself is not the problem (or else I would not use
it): it is how you *USE* it, and this includes *CONFIGURING* it.
If you give "Universa Universis Sudo Libertas"[*] - that is 'username
ALL=(ALL) ALL', then the attacker will have unlimited freedom. If your
configuration limits the use of sudo, then the attacker's opportunities
will be limited too.
The use of sudo like in the howto you quote requires all the commands
used to be permitted by the policies in /etc/sudoers. (Actually the
tutorial seems to suggest the 'username ALL=(ALL) ALL' sudo
configuration)
If I were an attacker using the credential hijack, I would be more than
happy to have "cp" available for use with sudo.
May I suggest:
cp /etc/shadow .
vi shadow (do some nasty thing)
cp shadow /etc/shadow
Note: this is an example of a non-stealthy attack. A stealthy attack
would replace a sensitive binary without even changing its timestamp.
([*] sorry folks, could not resist paraphrasing my university motto that
means "Complete on all things the freedom of Padua")
--
/\ ___ Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_____ African word
//--\| | \| | Integralista GNUslamico meaning "I can
\/ coltivatore diretto di software not install
già sistemista a tempo (altrui) perso... Debian"
Warning: gnome-config-daemon considered more dangerous than GOTO
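As an added illustration of the point above about limiting what /etc/sudoers permits (an editor's example, not code from the post or from the sudo project): a small Python auditor that parses the user specifications of a sudoers file and flags the unrestricted 'ALL' grant alongside grants of commands such as cp or vi that can read or replace any file. The sudoers content below is constructed for the example and is not any real host's file.

```python
import os
import re

# Commands that, once runnable as root under sudo, let the caller read or
# replace arbitrary files (the post's "cp /etc/shadow" case) or open a shell.
RISKY = {"cp", "mv", "dd", "tee", "vi", "vim", "nano", "less", "sh", "bash", "su"}
TAGS = re.compile(r"^(?:(?:NO)?(?:PASSWD|SETENV|EXEC):\s*)+")   # NOPASSWD: etc.
RULE = re.compile(r"^(?P<user>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")

def parse_rules(text):
    """(user, host, runas, [commands]) per user specification; Defaults,
    aliases, includes and comments are skipped; runas defaults to root."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # also drops #include lines
        first = line.split(None, 1)[0] if line else ""
        if not line or first.startswith("Defaults") or first.endswith("_Alias"):
            continue
        m = RULE.match(line)
        if m:
            cmds = [TAGS.sub("", c.strip()) for c in m.group("cmds").split(",")]
            rules.append((m.group("user"), m.group("host"),
                          m.group("runas") or "root", [c for c in cmds if c]))
    return rules

def audit(text):
    """(user, command, reason) for every grant an auditor should question."""
    findings = []
    for user, _host, runas, cmds in parse_rules(text):
        for cmd in cmds:
            base = os.path.basename(cmd.split()[0])
            if cmd == "ALL":
                findings.append((user, cmd, "unrestricted: any command as " + runas))
            elif base in RISKY:
                findings.append((user, cmd, base + " can read/overwrite any file or spawn a shell"))
            elif "*" in cmd:
                findings.append((user, cmd, "wildcard: sudo uses fnmatch, more than intended may match"))
    return findings

# Constructed sample sudoers content, not taken from any real host.
SAMPLE_SUDOERS = """\
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
alice   ALL=(ALL) ALL                          # 'Universa Universis Sudo Libertas'
bob     ALL=(root) NOPASSWD: /bin/cp, /usr/bin/vi
carol   ALL=(root) /usr/sbin/service apache2 restart
"""
```

Run audit() over the text of /etc/sudoers and of each file under /etc/sudoers.d; on the sample it reports root, alice and both of bob's commands, and nothing for carol, whose single service command is the kind of narrow grant that leaves an attacker with little to use.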