
Re: What can't sudo do?

On Tue, Mar 16, 2004 at 09:19:28AM -0800, Steve Lamb wrote:
> Colin Watson wrote:
> >But your setup has more or less the same properties: someone only has to
> >gain access to your account, wait until you next type 'su', and then
> >sniff your password. Easy.
>     Uhm, how easy?  I mean how would they do that, exactly?  I mean isn't 
>     the whole point of SSH to prevent that sort of thing?  :P

It has nothing to do with ssh: ssh only protects the communications
channel from eavesdroppers, not processes on the remote system from each
other. If they already have access to your account on the remote
machine, then for example strace would do (although you might notice the
performance drop), or a trivial modification to your shell startup files
to alias 'su' to something that grabbed the password and passed it on to
the real 'su'.

There are any number of techniques once they're in as the user from
which privilege is escalated.

Colin Watson                                  [cjwatson@flatline.org.uk]
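
Added example (not part of the original message): a POSIX sh triage check for the startup-file tampering described above, flagging lines that define su or sudo as an alias or shell function. The file list, the patterns and the sample files are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag startup-file lines that redefine su or sudo.
# The file list and patterns are assumptions; extend them for your shells.
STARTUP_FILES=".profile .bash_profile .bash_login .bashrc .bash_aliases .zshrc .zshenv .zprofile"

# alias su=..., alias ll=... sudo=..., also after ';' or '&&' on the same line
RE_ALIAS='(^|[;&])[[:space:]]*alias[[:space:]]+([^#]*[[:space:]])?(su|sudo)='
# su() { ...   or   function sudo() { ...
RE_FUNC='^[[:space:]]*(function[[:space:]]+)?(su|sudo)[[:space:]]*\(\)'
# function su { ...   (ksh/bash form without parentheses)
RE_KSH='^[[:space:]]*function[[:space:]]+(su|sudo)([[:space:]{]|$)'
SHADOW_RE="$RE_ALIAS|$RE_FUNC|$RE_KSH"

# scan_startup_file FILE: print "FILE:LINE:text" per hit; status 0 if any hit.
scan_startup_file() {
    [ -r "$1" ] || return 1
    # /dev/null as a second operand makes grep prefix hits with the file name.
    grep -nE "$SHADOW_RE" "$1" /dev/null
}

# scan_home DIR: check each known startup file under DIR; status 0 if any hit.
scan_home() {
    found=1
    for f in $STARTUP_FILES; do
        if scan_startup_file "$1/$f"; then found=0; fi
    done
    return "$found"
}

# Constructed sample: a tampered .bashrc and a clean .profile under DIR.
make_sample() {
    mkdir -p "$1"
    printf '%s\n' 'export EDITOR=vi' "alias ll='ls -l'" \
        "alias su='\$HOME/.cache/helper'  # constructed wrapper path" \
        > "$1/.bashrc"
    printf '%s\n' '# alias su=disabled' 'PATH=$HOME/bin:$PATH' > "$1/.profile"
}

# Demo on the constructed sample; point scan_home at a real home to use it.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
scan_home "$demo_dir" || echo "no su/sudo overrides found"
rm -rf "$demo_dir"
```

This is a heuristic for one technique: it does not follow sourced files, and a clean result says nothing about the other routes the message mentions.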
