Bugzilla – Full Text Bug Listing
| Field | Value |
|---|---|
| Summary: | Man page suggests a rule which can be exploited to gain root |
| Product: | Sudo |
| Reporter: | Paul "Joey" Clark <joey> |
| Component: | Documentation |
| Assignee: | Todd C. Miller <Todd.Miller> |
| Status: | RESOLVED FIXED |
| Severity: | high |
| Priority: | low |
| Version: | 1.8.19 |
| Hardware: | PC |
| OS: | Other |
Yes, this is not safe on systems with GNU getopt(3) (primarily Linux) where options can follow arguments. It's not an issue with POSIX getopt(3) where option processing stops after the first non-option.

Fixed by https://www.sudo.ws/repos/sudo/rev/c809f1372811

Documentation change is present in sudo 1.8.20, available now.
The man page suggests pete be allowed to change everybody's password except for root's:

```
pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
```

Unfortunately, it is easy for pete to change root's password. He just needs to run:

```
sudo passwd root -q
```

My suggestion to better secure this rule would be to disallow any call to passwd when any of the arguments contains "root":

```
pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*
```
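The following is an added illustration, not code from the bug report or from sudo itself: a simplified model of how sudoers matches command arguments (assumed here: the arguments are joined with spaces and matched as one string with fnmatch, and the last matching rule wins), used to check both the original man-page rule and the suggested `*root*` deny rule against several argument vectors. It also shows the side effect a practitioner should expect from `*root*`: any argument merely containing "root" is refused.

```python
"""Simplified model of sudoers Cmnd_Spec argument matching (assumption, not
sudo's own code): arguments are joined with single spaces and matched as one
string with fnmatch; a "!" prefix denies; the last matching rule wins."""
from fnmatch import fnmatchcase


def parse_rules(spec):
    """Turn 'CMD PATTERN, !CMD PATTERN' into a list of (allow, cmd, pattern)."""
    rules = []
    for item in spec.split(","):
        item = item.strip()
        allow = not item.startswith("!")
        cmd, _, pattern = item.lstrip("!").partition(" ")
        rules.append((allow, cmd, pattern))
    return rules


def permitted(rules, cmd, args):
    """True if the argument vector would be allowed under the modelled rules."""
    joined = " ".join(args)
    decision = False          # no matching rule at all means deny
    for allow, rule_cmd, pattern in rules:
        if rule_cmd == cmd and fnmatchcase(joined, pattern):
            decision = allow  # last match wins, as sudoers documents
    return decision


# Cmnd_Spec parts of the two rules quoted in the report.
ORIGINAL = "/usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root"
SUGGESTED = "/usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*"
PASSWD = "/usr/bin/passwd"


def compare(argv_list):
    """Return {joined args: (original decision, suggested decision)}."""
    orig, sugg = parse_rules(ORIGINAL), parse_rules(SUGGESTED)
    return {" ".join(a): (permitted(orig, PASSWD, a), permitted(sugg, PASSWD, a))
            for a in argv_list}


if __name__ == "__main__":
    # Constructed argument vectors: a normal user, the bare denied case,
    # the option-after-operand case GNU getopt accepts, and a collateral hit.
    for args, (o, s) in compare([["alice"], ["root"], ["root", "-q"],
                                 ["-q", "root"], ["groot"]]).items():
        print(f"passwd {args!r:12}  original={o!s:5}  suggested={s}")
```

The model reproduces the report: `root -q` passes the original rule because `[A-Za-z]*` matches it and `root` does not, while `*root*` refuses it, at the cost of also refusing an account such as `groot`.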