
Re: sudo security Was: Reporting missing package during install



Bob Proulx writes:
 > Gian Uberto Lauri wrote:
 > > Bob Proulx writes:
 > > > How would this be accomplished?  (Answer cannot contain a use of sudo!
 > > > No circular logic please.)
 > > > ...
 > > > Right.  Because normal users can't change the system time.  
 > > 
 > > Sorry, wrong. With 'folk ALL=(ALL) ALL', user folk can run as root ANY
 > 
 > That is a user that already has full root privileges!  That is not a
 > normal user.  That is a user that already has root.  If they have root
 > then they are already an administrator on the system and don't need to
 > break into it.

Indeed the problem is that the credentials cache, combined with the 'username
ALL=(ALL) ALL' rule, may lead to some hijacking problems.

The time-stamp bug simply allowed someone who was "pick-pocketing" an
account (in the unlikely scenario[*] of someone finding an unguarded
shell open with credentials already cached) to extend the hijack of the
credential cache as long as he needed.

Another kind of attack relies on this poor/bad configuration of sudo.

It is a sort of man-in-the-middle between the user and the shell. This
attack would wait until credentials are cached and then issue hidden
commands to the shell.

I think that creating such an attack in a stealthy way is not too hard
to do and a large base of users with the default 'user ALL=(ALL) ALL'
configuration and lack of knowledge would be a good target for
this attack.

[*] unlikely or not, everybody felt the urge to fix the problem.

-- 
 /\           ___                                    Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_____               African word
  //--\| | \|  |   Integralista GNUslamico            meaning "I can
\/                 coltivatore diretto di software       not install
     già sistemista a tempo (altrui) perso...                Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO
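As an added example (not part of the thread), a small POSIX sh audit that looks for the combination the message above describes in a sudoers file: a credential cache left at its timeout (sudo's upstream default is 15 minutes) together with a full 'user ALL=(ALL) ALL' grant, and shows the same grant with the cache switched off beside it. The function names, the temporary file paths and the two sample sudoers files are constructed for this demo.

```shell
#!/bin/sh
# Added example, not code from the list. Audits a sudoers file for a cached
# credential combined with a full-root grant; sample inputs are constructed.

# Print the last "Defaults ... timestamp_timeout=N" value, or "default" if unset.
cache_timeout() {
    v=$(sed -n 's/^[[:space:]]*Defaults[[:space:]].*timestamp_timeout[[:space:]]*=[[:space:]]*\(-\{0,1\}[0-9][0-9.]*\).*/\1/p' "$1" | tail -n 1)
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf 'default\n'; fi
}

# Print each user or %group granted "ALL=(ALL) ALL" / "ALL=(ALL:ALL) ALL", one per line.
full_root_grants() {
    sed -n 's/^[[:space:]]*\([^#[:space:]][^[:space:]]*\)[[:space:]]\{1,\}ALL[[:space:]]*=[[:space:]]*(ALL\(:ALL\)\{0,1\})[[:space:]]\{1,\}\(NOPASSWD:[[:space:]]*\)\{0,1\}ALL[[:space:]]*$/\1/p' "$1"
}

# Return 1 when credentials stay cached (timeout not 0) AND someone holds full root.
audit_sudoers() {
    t=$(cache_timeout "$1")
    grants=$(full_root_grants "$1")
    if [ "$t" = "0" ] || [ -z "$grants" ]; then
        return 0
    fi
    printf 'cache timeout: %s; full-root principals: %s\n' "$t" "$(printf '%s' "$grants" | tr '\n' ' ')"
    return 1
}

weak=$(mktemp) && hard=$(mktemp)
cat >"$weak" <<'EOF'
# constructed sample: distribution-style default plus a full grant for 'folk'
Defaults env_reset
root    ALL=(ALL:ALL) ALL
folk    ALL=(ALL) ALL
EOF
cat >"$hard" <<'EOF'
# constructed sample: same grant, but no credential cache and a pty per command
Defaults env_reset, timestamp_timeout=0, use_pty
folk    ALL=(ALL) ALL
EOF
audit_sudoers "$weak" || echo "weak: cached credential can be reused by a hijacked shell"
audit_sudoers "$hard" && echo "hard: every sudo invocation asks for the password again"
rm -f "$weak" "$hard"
```

With timestamp_timeout=0 a shell that has been taken over after the user authenticated gains nothing from the cache, because the password is asked for on every sudo call.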
