OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: How secure is sudo?
From: Riley Hassell (rileySPEAKEASY.NET)
Date: Wed Aug 16 2000 - 23:09:18 CDT


In my experience I have noticed many issues where sudo can be a security
problem.

Here are some hints to avoid exploitation of it.

1. Keep in mind that tools that are not suid are not nearly as secure.
example:

Say you have a command (cmd) that looks up a user's record in a small
database of basic
information.

Syntax: cmd john_doe

Unfortunately you need to allow your employess to access another more
secure
user database to Delivery Information. This new database has read access
turned
off for regular users.

SUDO is the solution!!!

You have (Bob) one of your underpaid,overworked developers write a quick
script called
sec_db that does it all...

How convienent.
At this rate you might be twice as efficient as before.
YAY!!!

#!/bin/bash
if [ $# -ne 1 ]
then
echo "Syntax: secdb <username>"
exit 1
fi
sudo cmd --new-database secret_db $1

Unfortunately cmd doesn't check arguments strings very well.
#

2. There are many interesting coding errors in sudo.
example:
sudo cmd `perl -e 'print "A"x7000'`

Conclusion:

Sudo can be a extremely useful, but do yourself a favor and have a security
competant programmer install it.

Chao!

  Riley Hassell
  Network Security
  Speakeasy Networks

http://www.cyphernaut.net/

Harr, Jeff" wrote:

> Well, I can't answer your other questions, but "sudo vi" anything would
> be bad because once they get into vi, then can just go :sh, and get a
> rootshell. Now most of us know better than to do this, but I know
> someone who did it in a real-life production setting just recently
> (whistle).
>
> jeff
>
> -----Original Message-----
> From: John Muirhead-Gould [mailto:muirhejsYAHOO.COM]
> Sent: Monday, August 14, 2000 1:42 PM
> To: FOCUS-LINUXSECURITYFOCUS.COM
> Subject: How secure is sudo?
>
> I am running a Red Hat 6.2 box, and I am rather concerned
> about security. Unfortunately, the need has arisen for me
> to have an account without a password that executes a small
> script as root that updates some network stuff. I chose
> sudo for this task. My sudoers file has something like
> this in it:
>
> Cmnd_Alias NET = /home/netuser/network-stuff
> netuser ALL = NOPASSWD: NET
>
> The passwd file specifies 'sudo /home/netuser/network-
> stuff' as the shell.
>
> There is no opportunity for the user to provide any input
> to the script- it simply runs and exits. Is this the best
> way to do this? Something else that may clarify- the
> nature of the beast is so that it can't really be turned
> into a DOS with someone repeatedly running this thing.
>
> As far as I can tell, while this is running, shell access
> can't be gained.
>
> Another general question regarding sudo- what is the best
> way to allow users to edit other people's files- 'sudo vi',
> for example? I find this to pose a problem because
> couldn't the user 'sudo vi /etc/sudoers'? I'm assuming
> there is an easy way to prevent this, but am too lazy to
> hunt down how it is done.
>
> Thanks,
>
> John Muirhead-Gould