Re: Which one is better solution?
On 12/15/18, Ruslanas Gžibovskis <email@example.com> wrote:
> On Sat, 15 Dec 2018, 12:29 Shea Alterio <firstname.lastname@example.org wrote:
>> As far as I know, pkexec doesn't validate arguments, so it might not be
>> ideal if you are worried about people trying to trick it.
>> On Sat, Dec 15, 2018 at 6:15 AM JungHwan Kang <email@example.com>
>>> Sometimes, I use a sudo command with -s options for keeping
>>> environment variables for users account(sudoer). I also know -s option
>>> runs the shell specified by the SHELL environment variable. But the
>>> SHELL environment variable can be manipulated by other users having
>>> the same privilege.
>>> So, I think an adversary is able to abuse the changing SHELL
>>> environment variable for privilege escalation like a video below. (I
>>> assume the adversary owned the permission for executing a shell on a
>>> https://youtu.be/JSQjIm7377o (unlisted state)
>>> I know it is uncertain when the sudo is executed with -s option by
>>> Anyway, I have thought of the solutions to the issue below.
>>> - using a pkexec of a Policy kit,
>>> - disable a ptrace function via kernel.yama.ptrace_scope,
>>> Could you give some advice and comments?
> I prefer su or u+S on a script
I've read the above responses and am not quite sure how this fits in
but decided to post anyway. :)
I started using "su" myself in last year or so. A blip that quickly
left my memory was that I'd seen a hyphen ("-") used at some point but
didn't understand the importance of adding the hyphen as needed
BECAUSE "su" appeared to work just fine WITHOUT the hyphen. :)
A few weeks ago, that very helpful topic came up on Debian-User, but
now I can't find that reference. Via Super User/StackExchange , I
"Of noteworthyness: This is particularly useful when su-ing to root as
without using the hypen to start a new login shell, your $PATH won't
get updated and thus you won't be able to directly call root-only
binaries in /sbin and /usr/sbin "
That important detail about fits what was shared on Debian-User
recently. Am additionally posting because it's not something newcomers
(and even old timers) to that concept encounter very readily out there
in the wild. :)
Talking Rock, Pickens County, Georgia, USA
* runs with birdseed *