sudoers might be used as security hole

Off-Topic discussions about science, technology, and non Debian specific topics.
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

sudoers might be used as security hole

#1 Post by bester69 »

Warning!! You shouldn't use sudoers with a script file,
this is kind of a potential exploit. By doing that you're compromising the whole system, it's like giving root access to any user that finds out that sudoer'd file.

This is right now my sudoers file:
fulano ALL=(ALL:ALL) NOPASSWD: /usr/bin/tee
fulano ALL=(ALL:ALL) NOPASSWD: /usr/bin/killall
fulano ALL=(ALL:ALL) NOPASSWD: /usr/bin/renice
fulano ALL=(ALL:ALL) NOPASSWD: /usr/bin/ionice
fulano ALL=(ALL:ALL) NOPASSWD: /usr/bin/chattr
fulano ALL=(ALL:ALL) NOPASSWD: /usr/sbin/service
fulano ALL=(ALL:ALL) NOPASSWD: /usr/sbin/pm-suspend
fulano ALL=(ALL:ALL) NOPASSWD: /usr/sbin/alsactl
fulano ALL=(ALL:ALL) NOPASSWD: /usr/bin/VBoxManage
fulano ALL=(ALL:ALL) NOPASSWD: /usr/bin/virtualbox
fulano ALL=(ALL:ALL) NOPASSWD: /home/fulano/scripts/script1.sh
fulano ALL=(ALL:ALL) NOPASSWD: /home/fulano/scripts/script2
....
fulano ALL=(ALL:ALL) NOPASSWD: /home/fulano/scripts/script-N.sh
I've like around 15 scripts in sudoers that might be used as an exploit. Any person that figures it out just needs to edit those scripts to get the root password. :?

There should be more potential warnings about using scripts in sudoers file :x
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

Segfault
Posts: 993
Joined: 2005-09-24 12:24
Has thanked: 5 times
Been thanked: 17 times

Re: sudoers might be used as security hole

#2 Post by Segfault »

You have the weirdest understanding of security and user accounts. You could run your system as root, would not make any difference.

bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: sudoers might be used as security hole

#3 Post by bester69 »

Segfault wrote:You have the weirdest understanding of security and user accounts. You could run your system as root, would not make any difference.
So then, how do I run a script or command that needs admin permissions if it's not by making use of sudoers?? If I'm doing it this way, I can imagine many people committing the same temerity. Sorry, can you shed some light on this? Thanks

acewiza
Posts: 357
Joined: 2013-05-28 12:38
Location: Out West

Re: sudoers might be used as security hole

#4 Post by acewiza »

bester69 wrote:I've like around 15 scripts in sudoers that might be used as an exploit.
That seems like a bad idea.
Nobody would ever ask questions if everyone possessed encyclopedic knowledge of the man pages.

cpoakes
Posts: 99
Joined: 2015-03-29 04:54

Re: sudoers might be used as security hole

#5 Post by cpoakes »

Nope. Any binary is as vulnerable as any script when the file permissions allow anyone other than the owner to modify it.
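
The check discussed in posts #1 and #5, as an added example that is not part of any post in this thread: it pulls the command paths out of `NOPASSWD:` lines of the form shown in post #1 and reports every file or parent directory that someone other than root could edit or replace. The function names are hypothetical, the sample lines are constructed from the post, and only the simple one-line rule form is parsed (no aliases or line continuations).

```python
import os
import stat

# Constructed sample in the form shown in post #1 (paths are the post's examples).
SAMPLE_SUDOERS = """\
fulano ALL=(ALL:ALL) NOPASSWD: /usr/bin/tee
fulano ALL=(ALL:ALL) NOPASSWD: /home/fulano/scripts/script1.sh
"""

def nopasswd_commands(sudoers_text):
    """Extract command paths from 'user HOSTS=(runas) NOPASSWD: /path [args]' lines."""
    commands = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "NOPASSWD:" not in line:
            continue
        for entry in line.split("NOPASSWD:", 1)[1].split(","):
            words = entry.split()
            if words and words[0].startswith("/"):
                commands.append(words[0])  # drop any argument list
    return commands

def modifiable_by_others(path, trusted_uids=(0,)):
    """Return (path, reason) pairs for the file and every parent directory
    that someone outside trusted_uids could edit, replace or rename."""
    findings = []
    current = os.path.realpath(path)  # audit the real target, not a symlink
    while True:
        try:
            st = os.stat(current)
        except OSError:
            findings.append((current, "missing or unreadable"))
        else:
            # A sticky directory (like /tmp) stops users renaming others' entries.
            sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
            if st.st_uid not in trusted_uids:
                findings.append((current, f"owned by uid {st.st_uid}"))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not sticky_dir:
                findings.append((current, "group- or world-writable"))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return findings
        current = parent

if __name__ == "__main__":
    for cmd in nopasswd_commands(SAMPLE_SUDOERS):
        for where, why in modifiable_by_others(cmd):
            print(f"{cmd}: {where} is {why}")
```

A rule whose command produces no findings points at a file only root can change; any finding means the rule effectively grants root to whoever can write that path.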

Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: sudoers might be used as security hole

#6 Post by Head_on_a_Stick »

deadbang

alan stone
Posts: 269
Joined: 2011-10-22 14:08
Location: In my body.

Re: sudoers might be used as security hole

#7 Post by alan stone »


debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: sudoers might be used as security hole

#8 Post by debiman »

bester69 wrote:So then, how
enter the password.
security is always a trade-off with convenience.
seems you have chosen convenience (NOPASSWD), so stop complaining that your system lacks security.

PS:
this actually really made me Laugh Out Loud... :lol:
