Network Security: Detailed info on RE: Sudo tricks

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

RE: Sudo tricks

from [Burton Strauss] Network Security

[Permanent Link]

Subject:	RE: Sudo tricks
Date:	Wed, 29 Mar 2006 11:46:42 -0600

Isn't the real meat of this issue the commands an unprivileged user is
permitted to execute via sudo?

Sudo isn't a blanket 'execute anything' unless it's set up that way.
Instead, you should carefully choose the specific command(s) that the user
needs to be allowed to execute.  That should involve execution from an
absolute path and a protected binary.

For example, if visudo contains this

/sbin/ifconfig eth0

Then all the user can execute is the ifconfig command from the protected
binary in /sbin/ifconfig to see the state of the interface.

Or this

/sbin/ifconfig eth0 *

Allows him/her full control of eth0 - but still from the protected binary in
/sbin/ifconfig.

If you specify this:

ifconfig eth0 *

Then all bets are off...




-----Burton

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Sudo tricks, John Richard Moser Re: Sudo tricks, Dave Korn Re: Sudo tricks, Kyle Wheeler Re: Sudo tricks, Thomas M. Payerle Re: Sudo tricks, Krzysztof Halasa RE: Sudo tricks, Burton Strauss <= Re: Sudo tricks, Steven M. Christey Re: Sudo tricks, Javor Ninov

Previous by Date:	RE: recursive DNS servers DDoS as a growing DDoS problem, Geo.
Next by Date:	Re: Re: Cantv/Movilnet's Web SMS vulnerability., rrecabarren
Previous by Thread:	Re: Sudo tricks, Krzysztof Halasa
Next by Thread:	Re: Sudo tricks, Steven M. Christey
Indexes:	[Date] [Thread] [Top] [All Lists]