[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
[linux-security] Re: security hole in sudo allows users full access
- From: Cy Schubert - ITSD Open Systems Group <Cy Schubert uumail gov bc ca>
- To: Wade Maxfield <maxfield ctelcom net>
- Cc: linux-security redhat com
- Subject: [linux-security] Re: security hole in sudo allows users full access
- Date: Sat, 13 Nov 1999 08:40:49 -0800
In message <Pine LNX 4 10 9911112126510 13656-100000 one ctelcom net>, Wade Max
field writes:
>
> While sudo is used to give fairly trusted users the ability to run
> programs with root privs, there exists a hole in the one in the RedHat
> contrib directory (sudo 1.5.9.p4) which allows a minimally trusted user to
> obtain full root access and privilege.
>
> If a user is given the opportunity to run any program, that user can
> fool sudo and obtain any level of privilege for any executable.
>
> Assume the user can run "/bin/treport" as listed in the sudoers file.
> (The actual program name does not matter.)
>
> the user copies /bin/vi to ./treport (assuming the user is in a
> directory in which he has write and execute priv.) the user then executes
> the following line:
>
> sudo ./treport /etc/shadow
>
> vi is executed with root privilege and shadow is opened. The full path
> of treport is not required. The correct path of treport is not required.
>
> This program should be restricted only to _very_ trusted users in the
> meantime.
To fix this reconfigure sudo with --with-ignore-dot or
--with-secure-path.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Sun/DEC Team, UNIX Group Internet: Cy Schubert uumail gov bc ca
ITSD Cy Schubert gems8 gov bc ca
Province of BC
"e**(i*pi)+1=0"
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]