Re: Debian package manager privilege escalation attack

To: Debian Devel <debian-devel@lists.debian.org>
Subject: Re: Debian package manager privilege escalation attack
From: Paul Tagliamonte <paultag@debian.org>
Date: Thu, 12 Aug 2021 08:59:15 -0400
Message-id: <[🔎] CAO6P2QRQhqxqV6eBcj2QGKoEn8byJr=YYuP92r66m5f=R9+Cpg@mail.gmail.com>
In-reply-to: <YRS+nJ+B/9yKvBQr@belkar.wrar.name>
References: <[🔎] CAO6YxPyH5DKH8TB8o=EsE0CesqrqP_Uh1+5DiJOeJjaaY9bPng@mail.gmail.com> <[🔎] c1a8b67be1d5da03e31ed303c775717ba7021c65.camel@hashvault.io> <[🔎] YRS1MipdfgwH1pU9@belkar.wrar.name> <[🔎] 6525c37489f03eb12ce522247096c03306497a93.camel@hashvault.io> <YRS+nJ+B/9yKvBQr@belkar.wrar.name>

> The focus of the article is "sudo access *only* to apt". When we talk
> about unrestricted sudo access it doesn't even make sense to talk about
> privilege escalation because unrestricted sudo is by design a privilege
> escalation.

Similarly, sudo access *only* to bash enables execution of loads of things.

Hand-installing a user-provided deb could do things like put suid root
binaries on the filesystem, too.


  Paul

--
:wq

Reply to:

References:
- Debian package manager privilege escalation attack
  - From: Timothy M Butterworth <timothy.m.butterworth@gmail.com>
- Re: Debian package manager privilege escalation attack
  - From: Brian Thompson <brian@hashvault.io>
- Re: Debian package manager privilege escalation attack
  - From: Andrey Rahmatullin <wrar@debian.org>
- Re: Debian package manager privilege escalation attack
  - From: Brian Thompson <brian@hashvault.io>
- Re: Debian package manager privilege escalation attack
  - From: Andrey Rahmatullin <wrar@debian.org>

Prev by Date: Re: Debian package manager privilege escalation attack
Next by Date: Re: Debian package manager privilege escalation attack
Previous by thread: Re: Debian package manager privilege escalation attack
Next by thread: Re: Debian package manager privilege escalation attack
Index(es):
- Date
- Thread