Re: If you care about debian's security read this

To: Gustavo Noronha Silva <kov@debian.org>
Cc: debian-devel@lists.debian.org, 134521@bugs.debian.org
Subject: Re: If you care about debian's security read this
From: karlheg@microsharp.com (Karl M. Hegbloom)
Date: 04 Mar 2002 15:04:31 -0800
Message-id: <[🔎] 87wuwssznk.fsf@juniper.intra.microsharp.com>
In-reply-to: <[🔎] 20020303214210.0f74c2ef.kov@debian.org>
References: <[🔎] 20020303081334.6e250e51.kov@debian.org> <[🔎] 20020303195727.GA23881@cibalia.gkvk.hr> <[🔎] 20020303201613.GA24788@cibalia.gkvk.hr> <[🔎] 20020303214210.0f74c2ef.kov@debian.org>

>>>>> "Gustavo" == Gustavo Noronha Silva <kov@debian.org> writes:

    Gustavo> this is my sudoers line:

    Gustavo> kov     ALL = (root) NOPASSWD: /usr/sbin/chroot, /usr/sbin/pbuilder, PASSWD: /usr/bin/apt-get

    Gustavo> it means that 'kov' from ALL hosts = allowed to run as
    Gustavo> root without being asked for a password commands chroot,
    Gustavo> pbuilder and is allowed to run as root after being asked
    Gustavo> *kov's* password the program apt-get

    Gustavo> so, notice that sudo never asks the root password and
    Gustavo> with that sudoers line my user cannot run /bin/sh

 Cynicly, I'd say "true, unless one of those programs has an
 exploitable buffer overrun, which is somewhat possible since often
 enough the programmer thinks it won't be run by a non-root user as
 root anyway, so why bother with the complexity of overrun protection,
 since if root runs it he's already root".  But that's beside the
 point, of course, isn't it?

    Gustavo> now, for gnome-sudo to run your user needs to be able to
    Gustavo> run /usr/lib/gnome-sudo/gnome-sudo-helper with the
    Gustavo> "target user" (root, in this case)

    Gustavo> but gnome-sudo-helper is a script that calls any command
    Gustavo> you ask it to... so having it on /etc/sudoers is the same
    Gustavo> as making /bin/sh setuid... or replacing the user's uid
    Gustavo> with '0'... as Joey Hess said it is easier to run gnome
    Gustavo> as root if you are to use gnome-sudo

 Great.  What school's computers is this installed on?  (And wait
 until I reprogram the keyboards!  SAK won't do squat.)

    Gustavo> I guess that when an admin installs a package it wants it
    Gustavo> to work, if it comes from Debian the admin may blindly
    Gustavo> trust the package and open that root whole

 Yes, Trust Us.

    Gustavo> I strongly recommend that you use xsu instead... it is
    Gustavo> not a root hole...

 (rhetorical) I wonder why they wrote gnome-sudo if there's already an
 "xsu"?

-- 
mailto: (Karl M. Hegbloom) karlheg@microsharp.com
Free the Software  http://www.debian.org/social_contract
http://www.microsharp.com
phone://USA/WA/360-260-2066

Reply to:

References:
- If you care about debian's security read this
  - From: Gustavo Noronha Silva <kov@debian.org>
- Re: If you care about debian's security read this
  - From: Josip Rodin <joy@cibalia.gkvk.hr>
- Re: If you care about debian's security read this
  - From: Josip Rodin <joy@cibalia.gkvk.hr>
- Re: If you care about debian's security read this
  - From: Gustavo Noronha Silva <kov@debian.org>

Prev by Date: Re: If you care about debian's security read this
Next by Date: Re: Book listing web site? (Re: [OT] Book Recommendation: Software Architect Boot Camp)
Previous by thread: Re: If you care about debian's security read this
Next by thread: Re: If you care about debian's security read this
Index(es):
- Date
- Thread