Re: What can't sudo do?

To: debian-user@lists.debian.org
Subject: Re: What can't sudo do?
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 16 Mar 2004 17:32:36 +0000
Message-id: <[🔎] 20040316173236.GA15568@riva.ucam.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 40573720.10208@dmiyu.org>
References: <[🔎] 20040315225249.GC5390@hank.org> <[🔎] 20040316004005.GD2394@riva.ucam.org> <[🔎] 40573720.10208@dmiyu.org>

On Tue, Mar 16, 2004 at 09:19:28AM -0800, Steve Lamb wrote:
> Colin Watson wrote:
> >But your setup has more or less the same properties: someone only has to
> >gain access to your account, wait until you next type 'su', and then
> >sniff your password. Easy.
> 
>     Uhm, how easy?  I mean how would they do that, exactly?  I mean isn't 
>     the whole point of SSH to prevent that sort of thing?  :P

It has nothing to do with ssh: ssh only protects the communications
channel from eavesdroppers, not processes on the remote system from each
other. If they already have access to your account on the remote
machine, then for example strace would do (although you might notice the
performance drop), or a trivial modification to your shell startup files
to alias 'su' to something that grabbed the password and passed it on to
the real 'su'.

There are any number of techniques once they're in as the user from
which privilege is escalated.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

References:
- What can't sudo do?
  - From: Bill Moseley <moseley@hank.org>
- Re: What can't sudo do?
  - From: Colin Watson <cjwatson@debian.org>
- Re: What can't sudo do?
  - From: Steve Lamb <grey@dmiyu.org>

Prev by Date: debian-installer beta 3 released
Next by Date: Re: Next stable release: 13 CD's
Previous by thread: Re: What can't sudo do?
Next by thread: Re: What can't sudo do?
Index(es):
- Date
- Thread