https://bugzilla.novell.com/show_bug.cgi?id=468923
User devzero@web.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=468923#c4
roland kletzing changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |devzero@web.de
--- Comment #4 from roland kletzing 2009-01-24 04:06:28 MST ---
So, is there a security bug in sudo itself or is it about "how to escape into
root via an arbitrary command, run from sudo?"
If it's the latter, then it's not a bug but "by design" - and also already
known, as the manpage tells:

CAVEATS
    There is no easy way to prevent a user from gaining a root shell if that
    user is allowed to run arbitrary commands via sudo. Also, many programs (such
    as editors) allow the user to run commands via shell escapes, thus avoiding
    sudo’s checks. However, on most systems it is possible to prevent shell escapes
    with sudo’s noexec functionality. See the sudoers(5) manual for details.

    It is not meaningful to run the cd command directly via sudo, e.g.,

        $ sudo cd /usr/local/protected

    since when the command exits the parent process (your shell) will still be
    the same. Please see the EXAMPLES section for more information.

    If users have sudo ALL there is nothing to prevent them from creating their
    own program that gives them a root shell regardless of any ’!’ elements in the
    user specification.

    Running shell scripts via sudo can expose the same kernel bugs that make
    setuid shell scripts unsafe on some operating systems (if your OS has a
    /dev/fd/ directory, setuid shell scripts are generally safe).
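
An added example, not part of the bug comment or of sudo itself: a small sudoers audit that flags the two configuration patterns the quoted CAVEATS text warns about, namely escape-prone programs granted without the NOEXEC tag and '!' exclusions attached to an ALL grant. The program list, the sample policy and the function name `audit` are assumptions made for illustration, and only a simplified subset of sudoers syntax is parsed.

```python
import os
import re

# Assumption: a short, non-exhaustive list of programs that offer shell escapes.
ESCAPE_PRONE = {"vi", "vim", "ed", "emacs", "less", "more"}
TAG = re.compile(r"^([A-Z_]+):\s*")

# Constructed sample; users, hosts and paths are invented for illustration.
SAMPLE = """\
Defaults env_reset
alice ALL = (root) /usr/bin/vi /etc/hosts, /usr/bin/less /var/log/messages
bob   ALL = (root) NOEXEC: /usr/bin/vi /etc/hosts, /usr/bin/less /var/log/messages
carol ALL = (ALL) ALL, !/bin/sh, !/bin/bash
dave  ALL = (root) NOEXEC: /usr/bin/less /var/log/messages, EXEC: /usr/bin/vim
"""

def audit(sudoers_text):
    """Return (line_no, message) findings. Handles one-line user specs and
    global Defaults only; aliases, includes and continuations are ignored."""
    findings, default_noexec = [], False
    for no, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if re.match(r"Defaults\s", line):
            opts = [o.strip() for o in line.split(None, 1)[1].split(",")]
            default_noexec = default_noexec or "noexec" in opts
            continue
        if "=" not in line or re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        cmds = re.sub(r"\([^)]*\)", "", line.split("=", 1)[1])  # drop Runas specs
        noexec, grants_all, negated = default_noexec, False, []
        for item in (c.strip() for c in cmds.split(",")):
            while (m := TAG.match(item)):  # tags carry over to later commands
                if m.group(1) in ("NOEXEC", "EXEC"):
                    noexec = m.group(1) == "NOEXEC"
                item = item[m.end():]
            if not item:
                continue
            prog = item.split()[0]
            if item == "ALL":
                grants_all = True
            elif item.startswith("!"):
                negated.append(item)
            elif os.path.basename(prog) in ESCAPE_PRONE and not noexec:
                findings.append((no, f"{prog}: shell escape possible, no NOEXEC tag"))
        if grants_all and negated:
            findings.append((no, "'!' exclusions are ineffective when ALL is granted"))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```

On the sample, the rules for alice, carol and dave are flagged, while bob's rule passes because NOEXEC carries over to the second command in the list.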