[Novalug] sudo (sorta) question

Nicholas Brenckle nbrenckle at gmail.com
Tue Apr 10 15:05:07 EDT 2007


For grins I tested this, and no, it didn't work. Mostly because sudo lets
the original script run with sudo, and drops the privileges at the &.  (Note:
the ";" didn't work, it gave me syntax errors, so perhaps I wasn't formulating
the 'hack' correctly.)   I tested this with a much safer ls -l
/home/someusernotme and a whoami command. Those returned "Permission
denied" and my username respectively. Maybe sudo is smarter than we think?

I guess the end result is I can't lock tcpdump or tethereal to a specific
Ethernet interface. It wasn't a lack of trust thing, as the box will ONLY be used by
engineering to do network sniffing, and really they have bigger, badder keys
to the kingdom than me locking them out of root on this box anyway. This was
just an exercise in "proper separation of privilege".

-Nick

On 4/10/07, Kevin Dwyer <kevin at pheared.net> wrote:
>
> On Tue, Apr 10, 2007 at 12:01:25PM -0500, Bernie Hoefer wrote:
> > the script will assign "& ; rm -rf /*" to the $1 variable.  That means
> > this will be executed as root (assuming "tcpdump-script" is my example
> > script from my message of Mon, 09 Apr 2007 23:25:33 -0500):
> >
> > /usr/sbin/tcpdump -i eth1 -n & ; rm -rf /*
> >
> > The ampersand puts the tcpdump command in the background, and then
> > continues to execute (again, as root) the "rm -rf /*" command.  Garrett's
> > example was the extreme of some user recursively removing the root
> > directory, but his point was that the script was a gigantic security
> > hole: a user who has limited sudo privilege for that tcpdump-script
> > could do anything he/she wants.
>
> Have you actually tried this (replace rm -rf /* with ls -l / or
> something)?  I don't think it does what you're afraid it does.  There
> may or may not be another way to inject a command like this, but I don't
> think this is it.
>
> -kpd
> _______________________________________________
> Novalug mailing list
> Novalug at calypso.tux.org
> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
>
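The following is an added example, not code from any of the posters, showing
why Nick's test came out the way it did and what a wrapper like the one under
discussion should check instead. A harmless echo stands in for
/usr/sbin/tcpdump so it runs without root, and the interface allowlist
(eth0, eth1, lo) is an assumption made up for the example. The point: an
unquoted $1 inside a script is word-split and glob-expanded, but the resulting
words are handed to the command as arguments; the shell never re-parses them,
so "&" and ";" arrive as literal strings rather than as operators. What an
unquoted $1 does let through is extra words, i.e. extra tcpdump options chosen
by the caller, which is the thing a hardened wrapper has to refuse.

```shell
#!/bin/sh
# Added example (not from the thread). A wrapper that appends $1 to a
# privileged command does not turn "& ; rm -rf /*" into shell syntax, but it
# does pass arbitrary extra arguments to that command.

# Stand-in for /usr/sbin/tcpdump: prints each argument it receives on its own
# line, so we can see exactly what the privileged command would have been given.
echo_args() {
    printf '%s\n' "$@"
}

# Mirrors the wrapper discussed in the thread. $1 is unquoted: the shell
# word-splits it (and expands globs in it), but every resulting word becomes an
# argument of the command. "&" and ";" are ordinary arguments here, never
# operators, because operator parsing happens before variable expansion.
naive_wrapper() {
    echo_args -i eth1 -n $1
}

# Hardened wrapper: $1 must match a fixed allowlist of interface names
# (the allowlist is an assumption for the example), and is passed quoted so
# it stays a single argument. Anything else, including a valid interface
# followed by extra options, is refused before the privileged command runs.
safe_wrapper() {
    case "$1" in
        eth0|eth1|lo) ;;
        *) printf 'refused: %s\n' "$1" >&2; return 1 ;;
    esac
    echo_args -i "$1" -n
}

# Demonstration (constructed inputs).
printf '%s\n' '--- naive wrapper, $1 = "& ; rm -rf /nonexistent" ---'
naive_wrapper '& ; rm -rf /nonexistent'
printf '%s\n' '--- naive wrapper, $1 = "-w /tmp/capture.pcap" ---'
naive_wrapper '-w /tmp/capture.pcap'
printf '%s\n' '--- safe wrapper ---'
safe_wrapper eth1
safe_wrapper 'eth1 -w /tmp/capture.pcap' || true
```

The first demonstration reproduces the result from the thread: the privileged
command receives "&", ";", "rm", "-rf" and "/nonexistent" as five separate
arguments and nothing is run by the shell (with a real "/*" the unquoted
expansion would hand it the list of top-level directories instead, still as
arguments). The second shows what does get through: tcpdump's own "-w" option,
which would tell a root tcpdump where to write its output. The allowlist in
safe_wrapper closes both, and keeping the interface quoted means a single
argument reaches the command even if the name somehow contained whitespace.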