[X-Unix] Root Exploit via sudo

Juan Manuel Palacios jmpalaciosp at eml.cc
Fri Apr 8 07:03:56 PDT 2005


On Apr 8, 2005, at 9:23 AM, Stephen Jonke wrote:

>
> That's how I had interpreted it too, but I do see now that this is not 
> the case. I just tried running an installer with authentication and 
> then immediately tried a sudo in the terminal - it still requested my 
> password. I had thought it did work that way, but it would seem I was 
> mistaken. I think my mistake in this regard goes back to when there 
> was the issue that Finder authentication worked just like sudo, so you 
> could authenticate to drag copy a file into a restricted folder, and 
> then for 5 minutes all gates were open. They fixed that a while ago.
>
> So the alleged security risk does seem to be a fairly marginal one - 
> it only applies to doing sudo in the terminal. Well, almost...
>
> There is one exception. Via AppleScript you can effectively invoke the 
> sudo command, so such scripts do make it easy for Mom to use "sudo". 
> For example I created a script application that runs repairPermissions 
> "with administrator privileges" specifically to make that easier for 
> others to do. That prompts for an admin password and it uses "sudo" to 
> do its thing! Thus *I* have made it easy for my Mom to use the sudo 
> command! I tested this and verified that after a successful "with 
> authentication" you can do "sudo" in the terminal to your heart's 
> content (for 5 minutes anyway.) I'll have to rethink such things now. 
> The behavior of that should probably have its default behavior changed 
> to not stay authenticated after the command is issued!
>
> Steve


	Authentication through the Mac OS X GUI is not routed via sudo; this 
is a common misconception. Whatever panel you see asking you for your 
admin password is plugging directly into the various security 
frameworks offered by the system (look in 
/System/Library/Frameworks/Security*), so the scope of this "glitch" is 
indeed rather limited. It is true that Apple *could* set up things 
differently to further limit this "vulnerability" (outputting to a more 
secure log file is quite reasonable), but trying to point this out as a 
Mac OS X specific vulnerability is rather absurd and pointless in my 
opinion. In any case, it could only be argued that Mac OS X is not 
*shipped* as secure as it could be, but the potential of being that 
secure is definitely there, already built into the system and into 
sudo.

	Most definitely a non-issue for the vast majority of people, again in 
my opinion. Regards,...


		Juan
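
Added example, not part of the original message or of sudo itself: the five-minute window discussed in this thread is sudo's credential cache, which the sudoers option timestamp_timeout controls (0 disables caching, a negative value means the timestamp never expires). The shell function below reads sudoers text and reports the global policy; the function name and both sample sudoers texts are constructed for illustration, and the fallback of 5 minutes is an assumption taken from the figure quoted in the thread.

```shell
#!/bin/sh
# Added example: report the sudo credential-cache policy found in sudoers text.
# Only global "Defaults" lines are read. Scoped forms (Defaults:user,
# Defaults@host, Defaults>runas, Defaults!cmnd) and included files are ignored.

# Constructed sample sudoers content (not taken from the thread).
SAMPLE_STOCK='# constructed sample: no cache settings
Defaults env_reset
%admin ALL=(ALL) ALL'

SAMPLE_HARDENED='# constructed sample: caching turned off globally
Defaults env_reset, timestamp_timeout=0
Defaults:backup timestamp_timeout=30
%admin ALL=(ALL) ALL'

# sudo_cache_policy TEXT [DEFAULT_MINUTES]   (hypothetical helper name)
# Prints one of: disabled | cached:<minutes> | never-expires
sudo_cache_policy() {
    printf '%s\n' "$1" | awk -v def="${2:-5}" '
        BEGIN { t = def }                  # assumed default when nothing is set
        /^[ \t]*Defaults[ \t]/ {           # global Defaults only
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (opts[i] ~ /^timestamp_timeout[ \t]*=/) {
                    v = opts[i]
                    sub(/^timestamp_timeout[ \t]*=[ \t]*/, "", v)
                    gsub(/[ \t"]/, "", v)
                    t = v                  # a later line overrides an earlier one
                }
            }
        }
        END {
            if (t + 0 == 0)     print "disabled"
            else if (t + 0 < 0) print "never-expires"
            else                print "cached:" t
        }'
}

# Stand-alone run: show the verdict for both constructed samples.
echo "stock:    $(sudo_cache_policy "$SAMPLE_STOCK")"
echo "hardened: $(sudo_cache_policy "$SAMPLE_HARDENED")"
```

On a real system the text to check would come from the sudoers file itself, and any change to that file should go through visudo so that a syntax error cannot lock sudo out.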


