[X-Unix] Root Exploit via sudo
Stephen Jonke
sjj_public at mac.com
Fri Apr 8 06:23:30 PDT 2005
On Apr 8, 2005, at 6:49 AM, Stroller wrote:
> Erm... the way I'm reading this is that `sudo` is used anytime an
> application needs an admin user to enter their password. EG: run dodgy
> trojan, that sits in background & waits until updates are ready to
> install, user enters password to install updates, trojan elevates its
> privileges. Am I reading this incorrectly?
>
That's how I had interpreted it too, but I do see now that this is not
the case. I just tried running an installer with authentication and
then immediately tried a sudo in the terminal - it still requested my
password. I had thought it did work that way, but it would seem I was
mistaken. I think my mistake in this regard goes to back when there was
the issue that Finder authentication worked just like sudo, so you
could authenticate to drag copy a file into a restricted folder, and
then for 5 minutes all gates were open. They fixed that a while ago.
So the alleged security risk does seem to be a fairly marginal one - it
only applies to doing sudo in the terminal. Well, almost...
There is one exception. Via applescript you can effectively invoke the
sudo command, so such scripts do make it easy for Mom to use "sudo".
For example I created a script application that runs repairPermissions
"with administrator privileges" specifically to make that easier for
others to do. That prompts for an admin password and it uses "sudo" to
do its thing! Thus *I* have made it easy for my Mom to use the sudo
command! I tested this and verified that after a successful "with
authentication" you can do "sudo" in the terminal to your hearts
content (for 5 minutes anyway.) I'll have to rethink such things now.
The behavior of that should probably have its default behavior changed
to not stay authenticated after the command is issued!
Steve
More information about the X-Unix
mailing list