On Aug 22, 2006, at 1:04 AM, Ansgar -59cobalt- Wiechers wrote:
A "stripped down environment to lower the risk ..." when talking about
running a root shell? You're kidding me, right?
you're missing the point. it's not what happens _after_ the shell is
invoked that's important, it's the process that the 'sudo' tool uses
_before_ dumping you to a shell that matters. sudo basically does
common-sense checking to make sure, as best it can, that the bash
being invoked isn't linked to any improperly configured and/or
malicious libraries, makes sure that the bash instance isn't passed
any malicious environment vars (such as PATH=".") that could lead to
eventual compromise of the system.
'sudo su' doesn't give a password prompt because root is _never_
asked for a password when it executes su. 'sudo su' basically says
'execute su as root', but then uses 'su' (which is insecure) to
generate to process that could be harmful.
think about it like this.
let's say that, for whatever reason, someone's managed to place a
malicious 'bash' in your current directory.
sudo -s -> authenticates, strips . from your PATH, and executes /bin/
bash
sudo su -> authenticates, strips . from your PATH, executes su, which
has an opportunity to place . back in your PATH, and possibly
executes the malicious bash.
clear?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
