On Sat, Mar 31, 2001 at 11:06:31PM -0800, Karsten M. Self wrote: > on Sat, Mar 31, 2001 at 08:45:25AM -0600, John Hasler (john@dhh.gt.org) wrote: > > Ethan Benson writes: > > > cat <<EOF >> ~/.bashrc > > > alias su='su -c ~/.virus' > > > EOF > > > > su might benefit from a configuration file that sets the permissable path > > for -c. > > > > Another possible fix might be for bash to somehow detect "gain-root" > > commands and refuse to alias them. > > Nope. > > sudo provides this functionality. 'su' allows you to become an > effective user. To use 'su' to execute root commands, you require the > root password. What, exactly, are you protecting against. my trick would work on sudo as well, at least the way most people configure it -- by adding a line like this: thierusername ALL=(ALL) ALL in which case they can use sudo to execute ANYTHING as root. so... cat <<EOF >> ~/.bashrc alias sudo='sudo ~/.virus' EOF same thing as su, if the account we added this to is the admin of the machine and they use su to gain root and perform the adminsitrative task they needed to perform, and they just type `su' at thier command prompt they will get a password: prompt as usual and will enter the root password, but in reality they just executed: su -c ~/.virus see the su man page to see what this does. now if the admin does everything via sudo instead of using short su sessions they will need a ALL=ALL line like above. so next time they sudo something, say: sudo apt-get update the shell will instead run sudo ~/.virus and sudo will ask the password and happily run ~/.virus as root. > Better, IMO, to use sudo to invoke su, and restrict rights to do so to > specified users. what does this buy you? see above. this is in fact less secure IMO, since it turns ordinary user passwords into the root password. if you want to restrict who is allowed to go to root invoke the `wheel' group policy. > For restricted commands access, use the tool designed for this task, > sudo. my point is that if the admin's account is the one getting the nice shell alias dropped into the next time they perform an administrative command -- however they accomplish it, either sudo or su -- they will potentially run the virus/trojan as root. in the case of a ordinary user who is allowed to run ONLY a very small handful of very safe unrootable programs via sudo this alias trick will fail. at least assuming you specify the absolute pathname to the command in /etc/sudoers. sudo with an ALL=ALL entry is just as dangerous (more so IMO, because it turns user passwords into multiple root passwords) then su. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgp2AFpl0DQ94.pgp
Description: PGP signature