Message-ID: <20041023102910.GC1297@schottelius.org>
Date: Sat, 23 Oct 2004 12:29:10 +0200
From: Nico -telmich- Schottelius <nico-linux-owl@...ottelius.org>
To: owl-users@...ts.openwall.com
Subject: Re: sudo: why not?

Good morning,

Solar Designer [Sat, Oct 23, 2004 at 03:38:23AM +0400]:
> On Fri, Oct 22, 2004 at 02:32:37PM +0200, Nico -telmich- Schottelius wrote:
> > Solar Designer [Wed, Oct 20, 2004 at 11:55:16PM +0400]:
> > > [su and sudo security problems]
> > 
> > Well, this is not a problem anymore, if you use enhanced
> > kernel security. For instance using RSBAC (www.rsbac.org)
> > one can define exactly what program and which user may use
> > setuid from which uid to which uid.
> 
> RSBAC is great, but I feel that you've missed the point.  If it would
> be permitted for a non-root user to su to root, then anyone who could
> have compromised the user's account[1] would also be able to hijack a
> su session[2] and then su to root himself.  This attack is not affected
> by kernel policy enforcement in any way.
> 
> [1] Such a compromise could occur in a variety of ways: Web/FTP/etc.
> client vulnerabilities, password snooping, etc.
> 
> [2] For example, edit the user's shell startup scripts to make su an
> alias for a custom su wrapper program.

Isn't that a problem of any tool that allows changing to a higher
security level?

I just wanted to point to rsbac, as it at least removes the possibility
for most users to setuid() and that way to 'exploit' su.

Nico

-- 
Keep it simple & stupid, use what's available.
Please use pgp encryption: 8D0E 27A4 is my id.
http://nico.schotteli.us | http://linux.schottelius.org
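The hijack in footnote [2] above (an alias or shell function named su planted in the user's startup files) is something an administrator can check for. The following POSIX shell script is an added example written for this page, not code from either poster; the startup-file contents it scans are constructed sample data, and the list of trusted su locations in check_su_path is an assumption to adjust per system.

```sh
#!/bin/sh
# Added example: detect startup-file lines that redefine su/sudo, the
# hijack described in footnote [2] of the quoted message.

# Print (with line numbers) every line in the file given as $1 that
# aliases su/sudo or defines a shell function with one of those names.
find_su_overrides() {
    grep -nE '^[[:space:]]*(alias[[:space:]]+(su|sudo)=|(function[[:space:]]+)?(su|sudo)[[:space:]]*\(\))' "$1" 2>/dev/null
}

# Number of suspicious lines in the file given as $1 (0 means clean).
count_su_overrides() {
    n=$(find_su_overrides "$1" | wc -l)
    echo "$n" | tr -d ' '
}

# A wrapper can also shadow the real su through PATH order; report if
# `su` resolves outside the system directories (assumed trusted set).
check_su_path() {
    resolved=$(command -v su 2>/dev/null || true)
    case "$resolved" in
        /bin/su|/usr/bin/su|/sbin/su|/usr/sbin/su|"") echo ok ;;
        *) echo "shadowed:$resolved" ;;
    esac
}

# Write two constructed sample startup files into the directory $1:
# one clean, one carrying the alias and function hijack.
make_demo_files() {
    cat > "$1/clean.bashrc" <<'EOF'
export EDITOR=vi
alias ll='ls -l'
EOF
    cat > "$1/hijacked.bashrc" <<'EOF'
export EDITOR=vi
alias su='/home/user/.cache/su-wrapper'
sudo() { /home/user/.cache/sudo-wrapper "$@"; }
EOF
}

# Stand-alone demonstration over the constructed files.
demo() {
    tmp=$(mktemp -d)
    make_demo_files "$tmp"
    echo "clean.bashrc suspicious lines:    $(count_su_overrides "$tmp/clean.bashrc")"
    echo "hijacked.bashrc suspicious lines: $(count_su_overrides "$tmp/hijacked.bashrc")"
    find_su_overrides "$tmp/hijacked.bashrc"
    echo "su on PATH: $(check_su_path)"
    rm -rf "$tmp"
}

demo
```

Run it against a real account by pointing find_su_overrides at each of ~/.bashrc, ~/.profile, ~/.zshrc and so on; the pattern only covers the plain alias and function forms, so a wrapper sourced from a separate file or placed earlier in PATH is what check_su_path is for. This is the point Solar Designer makes: the check has to happen on the user's side, because a kernel policy that permits the su transition cannot see which su binary the user actually ran.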
