[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Which one is better solution?

On 12/15/18, Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:
> On Sat, 15 Dec 2018, 12:29 Shea Alterio <krusete@gmail.com wrote:
>> As far as I know, pkexec doesn't validate arguments, so it might not be
>> ideal if you are worried about people trying to trick it.
>> On Sat, Dec 15, 2018 at 6:15 AM JungHwan Kang <ultractgm@gmail.com>
>> wrote:
>>> Sometimes, I use a sudo command with -s options for keeping
>>> environment variables for users account(sudoer). I also know -s option
>>> runs the shell specified by the SHELL environment variable. But the
>>> SHELL environment variable can be manipulated by other users having
>>> the same privilege.
>>> So, I think an adversary is able to abuse the changing SHELL
>>> environment variable for privilege escalation like a video below. (I
>>> assume the adversary owned the permission for executing a shell on a
>>> remote)
>>> https://youtu.be/JSQjIm7377o (unlisted state)
>>> I know it is uncertain when the sudo is executed with -s option by
>>> sudoer.
>>> Anyway, I have thought of the solutions to the issue below.
>>>  - using a pkexec of a Policy kit,
>>>  - disable a ptrace function via kernel.yama.ptrace_scope,
>>> Could you give some advice and comments?
> I prefer su or u+S on a script

I've read the above responses and am not quite sure how this fits in
but decided to post anyway. :)

I started using "su" myself in last year or so. A blip that quickly
left my memory was that I'd seen a hyphen ("-") used at some point but
didn't understand the importance of adding the hyphen as needed
BECAUSE "su" appeared to work just fine WITHOUT the hyphen. :)

A few weeks ago, that very helpful topic came up on Debian-User, but
now I can't find that reference. Via Super User/StackExchange [0], I
*did* find:

"Of noteworthyness: This is particularly useful when su-ing to root as
without using the hypen to start a new login shell, your $PATH won't
get updated and thus you won't be able to directly call root-only
binaries in /sbin and /usr/sbin "

That important detail about fits what was shared on Debian-User
recently. Am additionally posting because it's not something newcomers
(and even old timers) to that concept encounter very readily out there
in the wild. :)

Cindy :)

[0] https://superuser.com/questions/453988/whats-the-difference-between-su-with-and-without-hyphen

Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with birdseed *

Reply to: