[X-Unix] Re: Root Exploit via sudo

Kuestner, Bjoern Bjoern.Kuestner at drkw.com
Wed Apr 13 00:20:58 PDT 2005


>>>
>> if you simply change the place where sudo logs to,
>> the security hazard is removed without added inconvenience.
>
> I think you have to not only change the place but also
> a) secure that a script cannot easily read from a config file the new
> location
> b) better, secure the permission for the new log file.

If you read the official note at
http://www.securityfocus.com/archive/1/395107/2005-04-03/2005-04-09/0

it recommends changing the logging to /var/log/secure.log, which is
owned by root and chmod 600 by default
<<<

I knew that. Just the posted lines were ambiguous enough, leaving the option
to change the sudo log to any other place without minding the permissions.
And that is simply not enough.

Security Focus suggested one good place which by default also meets the
condition b) of more restrictive permission.

But I thought you were trying to go beyond this specific recommendation and
hinting that one could use any place for the sudo log. Which is true ... if
the permissions are changed.

Well, I guess, most people on this list are knowledgeable enough to figure
that writing sudo logs to a world-readable file would solve the problem only
partially.

Bjorn
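The check the thread keeps coming back to (the sudo log must be owned by root and readable by nobody else) is easy to script. The following is an added example, not code from the thread or from sudo; it assumes the /var/log/secure.log path quoted from the advisory and parses `ls -ld` so it works on both GNU and BSD userlands.

```shell
#!/bin/sh
# Added example: verify that a sudo log destination is private to root
# (owner root, no group/other permission bits), as recommended above.

# is_private_to OWNER PATH
# Returns 0 if PATH is a regular file owned by OWNER whose group and
# other permission bits are all clear (mode 0600 or stricter), else 1.
is_private_to() {
    owner=$1
    path=$2
    [ -f "$path" ] || { echo "not a regular file: $path" >&2; return 1; }
    # ls -ld prints the mode string first; the owner is the 3rd field.
    # cut -c1-10 also drops any trailing ACL/xattr marker ("+", "@").
    line=$(ls -ld "$path")
    mode=$(printf '%s\n' "$line" | cut -c1-10)
    file_owner=$(printf '%s\n' "$line" | awk '{print $3}')
    if [ "$file_owner" != "$owner" ]; then
        echo "$path: owned by $file_owner, expected $owner" >&2
        return 1
    fi
    case "$mode" in
        -???------) return 0 ;;   # type + user bits, group/other all clear
        *) echo "$path: mode $mode is readable beyond $owner" >&2; return 1 ;;
    esac
}

# check_sudo_log [PATH]
# Default path is the one from the SecurityFocus note cited in the thread
# (an assumption for this example; use whatever your sudoers points at).
check_sudo_log() {
    is_private_to root "${1:-/var/log/secure.log}"
}
```

Run `check_sudo_log` (or `check_sudo_log /path/to/your/log`) after repointing sudo's log; a non-zero exit means the new location still leaks to group or world.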




