lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <m3lkuuu2bm.fsf@defiant.localdomain>
Date: Tue, 28 Mar 2006 15:27:25 +0200
From: Krzysztof Halasa <khc@...waw.pl>
To: John Richard Moser <nigelenki@...cast.net>
Cc: bugtraq@...urityfocus.com
Subject: Re: Sudo tricks


John Richard Moser <nigelenki@...cast.net> writes:

> My conclusion is that the only real way to protect against this is for
> bash to look for every binary in your path when you don't specify a
> path; and check to see if any of those binaries is SUID.  If even one
> is, it should FLAT OUT IGNORE any aliases or non-SUID matches (to avoid
> PATH=$HOME attacks).  What do you all think?

It won't work. If your non-root account is compromised you can't use
sudo, su (or anything that changes access rights) safely. For example,
you can't be sure what shell are you using.

The password check (or other challenge) does only make sense if the
terminal (on which it's entered: shell and user account count too) and
the machine which checks it (the system) are both secure.

I usually use a term "security level" to show what could in theory
be safe and what can never be safe. For instance, root have higher
security level than others on the same machine. "Trusted" machines
(such as admin's terminal) have higher levels than non-trusted
(multi-user, servers etc.): I can safely ssh from my non-root account
on my secure terminal to root@...e.server but the reverse is forbidden.

Switching to higher level is never safe. Switching to lower level _can_
be safe - under conditions.

One can consider root and non-root admin account to have the same
security level, though (with non-root account used instead of root
to limit accidental damage only).
-- 
Krzysztof Halasa


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ