sudo and command line expansion
From: Jay G. Scott (gl@arlut.utexas.edu)
Date: 12/17/02
- Next message: Ric: "Re: Puttygen saved keys and FreeBSD ssh"
- Previous message: Jeff Pettorino: "Re: Puttygen saved keys and FreeBSD ssh"
- Next in thread: Kent Smith: "Re: sudo and command line expansion"
- Reply: Kent Smith: "Re: sudo and command line expansion"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: gl@arlut.utexas.edu (Jay G. Scott) Date: 17 Dec 2002 10:23:34 -0600
Greetings,
What's to prevent a cracker from doing something like this:
sudo /usr/bin/ls `/bin/sh /tmp/gimmerootprivs`
I can't make this work, but I'm hardly an expert.
Is sudo any more or less vulnerable than regular
command line expansion?
If this worked, all is lost:
ls `/bin/sh /tmp/gimmerootprivs`
Does adding sudo to the mix make things any better or worse?
(I know if the `portion` is innocent enough it will expand.
Ie, `ls /proc` will expand.)
-- Jay Scott 512-835-3553 gl@arlut.utexas.edu Head of Sun Support, Sr. Operating Systems Specialist Applied Research Labs, Computer Science Div. S224 University of Texas at Austin
- Next message: Ric: "Re: Puttygen saved keys and FreeBSD ssh"
- Previous message: Jeff Pettorino: "Re: Puttygen saved keys and FreeBSD ssh"
- Next in thread: Kent Smith: "Re: sudo and command line expansion"
- Reply: Kent Smith: "Re: sudo and command line expansion"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
