Jon Hart wrote:
> On Sun, Jul 06, 2003 at 12:30:34PM -0700, Stephen Samuel wrote:
>> Proof of concept:
>>
>> as yourself:
>> ln -s /var/run/sudo/$USER/unknown:root /tmp/oops
>>
>> as root:
>> touch /tmp/oops
>
> Actually, I'm not sure this is entirely true. Well, it is, but there is
> another important condition that must be met for this (or similar)
> attacks to work properly -- /var/run/sudo/$USER/ must exist. This means
> that the user must have previously sudo'd at least once and
> /var/run/sudo/$USER/ will have been created.

Yep. That sounds accurate, but it just raised another point for me (not
quite blazingly obvious, but an issue to remember, nonetheless):

If, as an administrator, you use the GUI password thing to access an
admin function, you have to remember to remove the /var/run/sudo/$USER/*
files (must be done as root) -- or else the user has (essentially) full
root privs until the file expires.

I think that redhat should allow some way (and I really think it should
be the default state) for people to indicate that they do *NOT* want the
system to remember that authorization.

-- 
Stephen Samuel +1(604)876-0426 samuelat_private
http://www.bcgreen.com/~samuel/
Powerful committed communication. Transformation touching the jewel
within each person and bring it to life.
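As an added example (not code from the thread or from sudo itself), the two checks an administrator would want after reading the above: an audit of a sudo timestamp directory that flags symlinks (the vector the proof of concept relies on) and lists lingering per-user authorizations, plus the root-side cleanup of one user's cached entries. It assumes the layout the thread describes, `<dir>/<user>/<tty>:<runas>`, and takes the directory as a parameter so it can be exercised against a constructed temp dir instead of the real /var/run/sudo.

```shell
#!/bin/sh
# audit_sudo_ts DIR
#   Walks DIR/<user>/* (assumed layout: /var/run/sudo/<user>/<tty>:<runas>).
#   Prints "SYMLINK ..." for any symlinked user dir or entry and
#   "STALE <user> <entry>" for every regular cached authorization.
#   Returns 1 if at least one symlink was found, 0 otherwise.
audit_sudo_ts() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "no timestamp dir: $dir"; return 0; }
    for userdir in "$dir"/*; do
        # skip the literal glob when the dir is empty; keep dangling links
        [ -L "$userdir" ] || [ -e "$userdir" ] || continue
        user=${userdir##*/}
        if [ -L "$userdir" ]; then
            echo "SYMLINK user-dir $userdir -> $(readlink "$userdir")"
            rc=1
            continue
        fi
        for ts in "$userdir"/*; do
            [ -L "$ts" ] || [ -e "$ts" ] || continue
            if [ -L "$ts" ]; then
                echo "SYMLINK $ts -> $(readlink "$ts")"
                rc=1
            else
                echo "STALE $user ${ts##*/}"
            fi
        done
    done
    return $rc
}

# clear_sudo_ts DIR USER
#   The cleanup step the thread says must be done as root: drop USER's
#   cached authorizations. Symlinks are removed as links (rm never follows
#   them), and a user dir that is itself a symlink is left alone for review.
clear_sudo_ts() {
    userdir=$1/$2
    [ -d "$userdir" ] && [ ! -L "$userdir" ] || return 0
    find "$userdir" -mindepth 1 -maxdepth 1 ! -type d -exec rm -f {} +
}
```

Run `audit_sudo_ts /var/run/sudo` as root to see what is cached; a non-zero exit means something in there is a symlink and deserves a look before any root process touches it.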
This archive was generated by hypermail 2b30 : Fri Jul 11 2003 - 13:33:41 PDT