Re: What bad things could happen if we don't use sudoedit?
On Tue, 28 Apr 2015 07:19:34 +0200, someone wrote: You are perfectly correct, it was ed, not vi and sudoedit could be the solution, thanks. I will try to search the internet how to do the LD_PRELOAD trick with ed. You cannot as LD_PRELOAD only works with dynamic executables and ed is static. The best you could hope to do is monitor it via ptrace(2). It's really a moot point since if you can write to files as root you can trivially get a root shell other ways, such as editing /etc/sudoers. The reason we have sudoedit is that there is no safe way to constrain what an editor run as root can do. - todd
Re: What bad things could happen if we don't use sudoedit?
On 2015-04-27, whynot sudo whynots...@safe-mail.net wrote: Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi foouser LOCALHOST = NOPASSWD: NOEXEC: FOO Can the foouser escape to root prompt? Let's try! $ sudo ed !sh # id uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest) # Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with static executables. -- Christian naddy Weisgerber na...@mips.inka.de
Re: What bad things could happen if we don't use sudoedit?
Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with static executables. Thank you, so there is a way tricking noexec with vi to get a root shell. But how exactly? Why isn't it fixed? :O Oh something is broken? Please show your work.
Re: What bad things could happen if we don't use sudoedit?
Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with static executables. Thank you, so there is a way tricking noexec with vi to get a root shell. But how exactly? Why isn't it fixed? :O On Mon, Apr 27, 2015 at 9:49 PM, Christian Weisgerber na...@mips.inka.de wrote: On 2015-04-27, whynot sudo whynots...@safe-mail.net wrote: Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi foouser LOCALHOST = NOPASSWD: NOEXEC: FOO Can the foouser escape to root prompt? Let's try! $ sudo ed !sh # id uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest) # Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with static executables. -- Christian naddy Weisgerber na...@mips.inka.de
Re: What bad things could happen if we don't use sudoedit?
On Mon, Apr 27, 2015 at 9:43 PM, someone thisistheone8...@gmail.com wrote: Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with static executables. Thank you, so there is a way tricking noexec with vi to get a root shell. No, that's not what naddy demonstrated. He showed that NOEXEC didn't work with /bin/ed. Are you assuming that /bin/ed and /usr/bin/vi are the same program? Why did you list programs in /etc/sudoers that you didn't careful inspect and think about? But how exactly? Why isn't it fixed? :O BECAUSE WE HAVE SUDOEDIT! You asked why you should use the solution that was provided, and now that this was demonstrated you're asking why there isn't a solution? Philip Guenther
Re: What bad things could happen if we don't use sudoedit?
In the bad thing category, you could break your sudo config. What do you mean by that? Original Message From: ludovic coues cou...@gmail.com To: whynot sudo whynots...@safe-mail.net Subject: Re: What bad things could happen if we don't use sudoedit? Date: Mon, 27 Apr 2015 18:52:56 +0200 2015-04-27 18:46 GMT+02:00 whynot sudo whynots...@safe-mail.net: Hello list, We know it's safer* to use sudoedit, but what bad things can happen if we have the following in sudoers? Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi foouser LOCALHOST = NOPASSWD: NOEXEC: FOO Can the foouser escape to root prompt? - of course besides that he could now edit the /etc/shadow file to put a custom pwd hash to the root user to become root in about 3 seconds.. Maybe some magic in .vimrc? *=sudo vi would run as root. but sudoedit would run as the given user, the edited file will be copied before/after editing it. Thanks. In the bad thing category, you could break your sudo config.
Re: What bad things could happen if we don't use sudoedit?
On Tue, 28 Apr 2015, at 04:46 AM, whynot sudo wrote: Hello list, We know it's safer* to use sudoedit, but what bad things can happen if we have the following in sudoers? Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi foouser LOCALHOST = NOPASSWD: NOEXEC: FOO Can the foouser escape to root prompt? - of course besides that he could now edit the /etc/shadow file to put a custom pwd hash to the root user to become root in about 3 seconds.. Maybe some magic in .vimrc? *=sudo vi would run as root. but sudoedit would run as the given user, the edited file will be copied before/after editing it. Thanks. $ sudo vi /bin/ksh :w! /bin/ed :q $ sudo ed # -- Carlin
Re: What bad things could happen if we don't use sudoedit?
On 28/04/15 05:28 +1200, Carlin Bingham wrote: On Tue, 28 Apr 2015, at 04:46 AM, whynot sudo wrote: Hello list, We know it's safer* to use sudoedit, but what bad things can happen if we have the following in sudoers? Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi foouser LOCALHOST = NOPASSWD: NOEXEC: FOO Can the foouser escape to root prompt? - of course besides that he could now edit the /etc/shadow file to put a custom pwd hash to the root user to become root in about 3 seconds.. Maybe some magic in .vimrc? *=sudo vi would run as root. but sudoedit would run as the given user, the edited file will be copied before/after editing it. Thanks. $ sudo vi /bin/ksh :w! /bin/ed :q $ sudo ed # You can skip some mangling: $ sudo vi :!/bin/sh #
Re: What bad things could happen if we don't use sudoedit?
On Mon, Apr 27, 2015 at 1:44 PM, Richo Healey ri...@psych0tik.net wrote: On 28/04/15 05:28 +1200, Carlin Bingham wrote: On Tue, 28 Apr 2015, at 04:46 AM, whynot sudo wrote: Hello list, We know it's safer* to use sudoedit, but what bad things can happen if we have the following in sudoers? Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi foouser LOCALHOST = NOPASSWD: NOEXEC: FOO Can the foouser escape to root prompt? - of course besides that he could now edit the /etc/shadow file to put a custom pwd hash to the root user to become root in about 3 seconds.. Maybe some magic in .vimrc? *=sudo vi would run as root. but sudoedit would run as the given user, the edited file will be copied before/after editing it. Thanks. $ sudo vi /bin/ksh :w! /bin/ed :q $ sudo ed # You can skip some mangling: $ sudo vi :!/bin/sh # Except the sudo policy provided would prevent this with NOEXEC flag.
Re: What bad things could happen if we don't use sudoedit?
You are perfectly correct, it was ed, not vi and sudoedit could be the solution, thanks. I will try to search the internet how to do the LD_PRELOAD trick with ed. Thanks :) On Tue, Apr 28, 2015 at 7:09 AM, Philip Guenther guent...@gmail.com wrote: On Mon, Apr 27, 2015 at 9:43 PM, someone thisistheone8...@gmail.com wrote: Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with static executables. Thank you, so there is a way tricking noexec with vi to get a root shell. No, that's not what naddy demonstrated. He showed that NOEXEC didn't work with /bin/ed. Are you assuming that /bin/ed and /usr/bin/vi are the same program? Why did you list programs in /etc/sudoers that you didn't careful inspect and think about? But how exactly? Why isn't it fixed? :O BECAUSE WE HAVE SUDOEDIT! You asked why you should use the solution that was provided, and now that this was demonstrated you're asking why there isn't a solution? Philip Guenther