
Re: VI wrapper for SUDO?


In message <[🔎] 20011129231148.9C28337598@gray.impulse.net>, Ted Cabeen writes:
>In message <[🔎] 20011129165355.A15543@ch208h>, Mike Renfro writes:
>>> A lazy sysadmin, not thinking through the ramifications, might put
>>> things like "/usr/bin/vi /etc/aliases" in the sudoers file, thinking
>>> that it limits access.  But of course, vi has the ":e" command...
>>
>>and it looks like nvi still supports the secure options mentioned
>>there.
>
>Vim also supports something similar, either by prepending r to the executable 
>name (rvim) or adding the -Z flag.

However, thinking about it, this doesn't work.  If you're editing as root, you
can use :e to switch to editing a SUID root file (any one you can write to
will work), delete the entire contents, and then use :r to bring in the 
/bin/sh executable. You'd need an editor that couldn't edit binary files to
prevent this attack.

-- 
Ted Cabeen           http://www.pobox.com/~secabeen            ted@impulse.net 
Check Website or Keyserver for PGP/GPG Key BA0349D2         secabeen@pobox.com
"I have taken all knowledge to be my province." -F. Bacon  secabeen@cabeen.org
"Human kind cannot bear very much reality."-T.S.Eliot        cabeen@netcom.com
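The point above, as an added example that is not part of the original message: a sudoers fragment showing the entry the thread discusses next to the sudoedit form that sudo provides for this case (the user name, host and file are assumptions).

```sudoers
# Added example, not from the original thread. User "alice" and the
# file path are assumptions chosen for illustration.

# Weak: the editor itself runs as root, so anything the editor can do
# with other files (open them, read them in) also happens as root.
alice  ALL = (root) /usr/bin/vi /etc/aliases

# Safer: sudoedit copies the target to a temporary file, runs the editor
# (from SUDO_EDITOR, VISUAL or EDITOR) as the invoking user, and copies
# the result back only when the editor exits. The editor process never
# has root privileges, so its file commands cannot reach beyond alice's
# own access.
alice  ALL = (root) sudoedit /etc/aliases
```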
