Which one is better solution?

To: debian-security@lists.debian.org
Subject: Which one is better solution?
From: JungHwan Kang <ultractgm@gmail.com>
Date: Sat, 15 Dec 2018 19:59:34 +0900
Message-id: <[🔎] CA+v01c8AZmHr4extaQFsfXq+TgjQ1LvzgJ5WDFd6JTyy=DuKog@mail.gmail.com>

Sometimes, I use a sudo command with -s options for keeping
environment variables for users account(sudoer). I also know -s option
runs the shell specified by the SHELL environment variable. But the
SHELL environment variable can be manipulated by other users having
the same privilege.

So, I think an adversary is able to abuse the changing SHELL
environment variable for privilege escalation like a video below. (I
assume the adversary owned the permission for executing a shell on a
remote)

https://youtu.be/JSQjIm7377o (unlisted state)

I know it is uncertain when the sudo is executed with -s option by sudoer.

Anyway, I have thought of the solutions to the issue below.
 - using a pkexec of a Policy kit,
 - disable a ptrace function via kernel.yama.ptrace_scope, CAP_SYS_PTRACE.

Could you give some advice and comments?

Thx.

Reply to:

Follow-Ups:
- Re: Which one is better solution?
  - From: Shea Alterio <krusete@gmail.com>

Prev by Date: Re: Appuntamento con il nuovo ciclo di lectiones magistrales di AFIP International
Next by Date: Re: Which one is better solution?
Previous by thread: Re: Appuntamento con il nuovo ciclo di lectiones magistrales di AFIP International
Next by thread: Re: Which one is better solution?
Index(es):
- Date
- Thread