On Tue, Jan 03, 2006 at 08:24:44PM +0200, Juha Erkkila wrote:
> On Tue, Jan 03, 2006 at 07:04:36PM +0100, Joachim Schipper wrote:
> > On Tue, Jan 03, 2006 at 12:45:46PM -0500, Michael Erdely wrote:
> > > Add dad to the operator group which can run /sbin/shutdown without sudo.
> > 
> > That's not a very good idea.
> > 
> > $ ls -la /dev/wd*
> > brw-r-----  1 root  operator    0,   0 Nov  2 18:20 /dev/wd0a
> > brw-r-----  1 root  operator    0,   1 Nov  2 18:20 /dev/wd0b
> > brw-r-----  1 root  operator    0,   2 Nov  2 18:20 /dev/wd0c
> > <more>
> > brw-r-----  1 root  operator    0,  15 Nov  2 18:20 /dev/wd0p
> > brw-r-----  1 root  operator    0,  16 Nov  2 18:19 /dev/wd1a
> > <and so on>
> > 
> > And operator has more privileges; more than enough to trash the system,
> > if he wants to, or to get root, if he is somewhat skilled. Far better to
> > just change a single line in /etc/sudoers.
> 
> while i don't disagree with your advice, could you still advise me
> on messing things up with operator privileges, as i'm curious...
> because i can't see how being able to read disks will give out
> enough information to do either

Hmm, I must admit that the group operator has less privileges than I'd
have expected. Sorry, I really should check my suspicions.

The most absolute is a nasty DoS called /sbin/halt, but since that was
the intention we'll let that slip.
There are also less obvious ways to DoS a machine, but since we can
already shut it down there's no reason to annoy people a little - after
all, you can annoy them a lot. And I don't see any obvious way to get
the operator group to help with that.

The second most nasty attack is getting /etc/master.passwd and running a
cracking tool on it - this will yield any weak passwords easily. This is
rather obvious, but using weak passwords can be very dangerous.
/etc/master.passwd uses rather strong encryption, but other password
files are typically easier to crack. This would be rather annoying on
a shared machine, but since this is a single-user system there's usually
little extra access to be gained.

If the system uses backup tapes, the user operator can overwrite them.
This can be quite disastrous, but I'm fairly certain this isn't much of
a problem in this case.

And that's about it. The group operator can read all files on the
system, which would be rather nasty in a multi-user setup where the
documents are confidential or at least private, but since that's not the
case I don't see too much of a problem.

Sorry!

                Joachim
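
A defender-side check for the exposure discussed in this message, as an added example that is not part of the original thread: it parses an `ls -l` device listing and `/etc/group` to show which non-root accounts reach raw devices through group permission bits. The sample listing, the group file and the `/dev/rst0` tape entry are constructed; `dad` is the account named in the thread.

```python
# Constructed sample input: device lines in the format quoted in the thread,
# plus hypothetical /etc/group lines.
SAMPLE_LS = """\
brw-r-----  1 root  operator    0,   0 Nov  2 18:20 /dev/wd0a
brw-r-----  1 root  operator    0,   1 Nov  2 18:20 /dev/wd0b
<more>
crw-rw----  1 root  operator   14,   0 Nov  2 18:20 /dev/rst0
brw-------  1 root  wheel       4,   0 Nov  2 18:20 /dev/sd0a
"""
SAMPLE_GROUP = """\
wheel:*:0:root
operator:*:5:root,dad
staff:*:20:root,dad
"""

def parse_devices(ls_output):
    """Return [(path, group, access)] for device nodes with group r/w bits set."""
    found = []
    for line in ls_output.splitlines():
        fields = line.split()
        # Only block ('b') and character ('c') device nodes are of interest.
        if len(fields) < 9 or fields[0][0] not in "bc":
            continue
        mode, group, path = fields[0], fields[3], fields[-1]
        # mode[4] and mode[5] are the group read and group write bits.
        access = ("r" if mode[4] == "r" else "") + ("w" if mode[5] == "w" else "")
        if access:
            found.append((path, group, access))
    return found

def parse_group_members(group_file):
    """Map group name to listed members. Accounts that have the group only
    as their primary gid in the passwd file are not covered here."""
    members = {}
    for line in group_file.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 4 and not line.startswith("#"):
            members[parts[0]] = [m for m in parts[3].split(",") if m]
    return members

def exposure(ls_output, group_file):
    """Map each non-root user to the devices reachable through group bits."""
    members = parse_group_members(group_file)
    report = {}
    for path, group, access in parse_devices(ls_output):
        for user in members.get(group, []):
            if user != "root":
                report.setdefault(user, []).append((path, access))
    return report
```

On a live system, feed it the output of `ls -l /dev` and the contents of `/etc/group` instead of the sample strings.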
