[Bug 1220586] New: sudo wrapper inside $HOME/bin
https://bugzilla.suse.com/show_bug.cgi?id=1220586

Bug ID: 1220586
Summary: sudo wrapper inside $HOME/bin
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: openSUSE Tumbleweed
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Basesystem
Assignee: screening-team-bugs@suse.de
Reporter: slawek@lach.art.pl
QA Contact: qa-bugs@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

openSUSE allows running executables from $HOME/bin. Placing a malicious program (for example, a bash script) called sudo there could execute code as root. This program would call sudo with an absolute path and its own arguments. It could also call sudo with the arguments passed to this program, but also call it before/after with its own arguments.

--
You are receiving this mail because:
You are on the CC list for the bug.
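The report describes a command name resolving, through PATH order, to a file in a directory the user can write to. The following audit script is an added example, not part of the bug report, of openSUSE, or of sudo; the function names, the return-code convention and the sample PATH layouts are this example's own. It walks PATH the way the shell does (including the empty component meaning the current directory) and flags every command whose first match lives in a directory writable by the caller.

```shell
#!/bin/sh
# Added example, not from the bug report or from sudo/openSUSE: audit a PATH
# for the shadowing condition the report describes, i.e. a command such as
# "sudo" resolving to a file in a directory the current user can write to
# (for instance $HOME/bin listed ahead of /usr/bin).
# Run it as the unprivileged user whose shell is in question: as root every
# directory tests as writable and the result says nothing.

# Print the first executable named "$1" on the colon-separated PATH "$2",
# in the order the shell would search.  An empty component means the
# current directory, exactly as it does for the shell.  Returns 1 if absent.
first_on_path() {
    cmd=$1
    old_ifs=$IFS
    IFS=:
    set -f              # no glob expansion of PATH components
    set -- $2
    set +f
    IFS=$old_ifs
    for d in "$@"; do
        if [ -z "$d" ]; then d=.; fi
        if [ -f "$d/$cmd" ] && [ -x "$d/$cmd" ]; then
            printf '%s\n' "$d/$cmd"
            return 0
        fi
    done
    return 1
}

# True if the directory holding "$1" is writable by the caller, so a file
# of the same name could be planted or replaced there.
dir_writable() {
    [ -w "$(dirname "$1")" ]
}

# Report where command "$1" resolves on PATH "$2".
#   returns 0: shadowable (first match sits in a directory you can write to)
#   returns 1: resolves to a directory you cannot write to
#   returns 2: not found on this PATH at all
check_cmd() {
    p=$(first_on_path "$1" "$2") || {
        printf 'not found: %s\n' "$1"
        return 2
    }
    if dir_writable "$p"; then
        printf 'WARNING: %s resolves to %s (directory writable by you)\n' "$1" "$p"
        return 0
    fi
    printf 'ok: %s -> %s\n' "$1" "$p"
    return 1
}

# Audit PATH "$1" for each command named after it.  The exit status is the
# number of shadowable commands, so 0 means clean.
audit_path() {
    path=$1
    shift
    found=0
    for c in "$@"; do
        if check_cmd "$c" "$path"; then
            found=$((found + 1))
        fi
    done
    return "$found"
}

# Stand-alone use: audit the caller's own PATH for the commands an attacker
# would most want to wrap, the ones that prompt for a password.
audit_path "$PATH" sudo su ssh && shadowed=0 || shadowed=$?
printf 'shadowable commands on your PATH: %d\n' "$shadowed"
```

In an interactive bash session `type -a sudo` shows the same resolution order for the current shell, and `alias sudo` shows whether an alias would win before PATH is consulted at all. The sudoers `secure_path` option only sets PATH for the command that sudo itself executes; it has no influence on which `sudo` the user's own shell picks up first.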
https://bugzilla.suse.com/show_bug.cgi?id=1220586#c2

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Andreas.Stieger@gmx.de
          Component|Basesystem                  |Security
           Assignee|screening-team-bugs@suse.de |security-team@suse.de

--- Comment #2 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Also, the user would not be able to do anything that they were not already allowed to do previously. If the user has the root password, they are root. If sudo is properly configured, this scenario does not cross security boundaries.
https://bugzilla.suse.com/show_bug.cgi?id=1220586#c3

--- Comment #3 from Sławomir Lach <slawek@lach.art.pl> ---
I do not know much about shells and the file privilege system, especially DAC, but changing the owner of ~/.profile, ~/.bash_profile, ~/.bashrc will do nothing, because the attacker could replace these files: simply remove them and write new ones.
https://bugzilla.suse.com/show_bug.cgi?id=1220586#c4

--- Comment #4 from Sławomir Lach <slawek@lach.art.pl> ---
I think the solution could be: let sudo check each parent executable. If it is named sudo (by file name, not by the way it is invoked), then the real sudo will refuse to work. We can think about what happens if the attacker writes their own bash to handle sudo invocation in a different way, or defines a sudo alias.
https://bugzilla.suse.com/show_bug.cgi?id=1220586#c5

--- Comment #5 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
I think you are mistaken. In that case the user can only do what they could already do: invoke sudo as per its configuration. If the user has the root password, they ARE ROOT.
https://bugzilla.suse.com/show_bug.cgi?id=1220586#c8

--- Comment #8 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
If an attacker has access to a user's account, and the user uses the root password, then the attacker is already root and your example does cross a privilege boundary. You are describing a fundamental problem, probably with a misunderstanding of what sudo is and is not supposed to do.
https://bugzilla.suse.com/show_bug.cgi?id=1220586

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|Andreas.Stieger@gmx.de      |