Bug 190 – Entering password from STDIN allows for possible unauthorized access via Sudo

Bug 190 - Entering password from STDIN allows for possible unauthorized access via Sudo


Summary:	Entering password from STDIN allows for possible unauthorized access via Sudo

Status:	RESOLVED WORKSFORME

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.6.8
Hardware:	Macintosh MacOS X

Importance:	high security
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2005-07-27 14:33 MDT by Garrett Cooper
Modified:	2005-10-28 15:07 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Garrett Cooper 2005-07-27 14:33:16 MDT

I was just trying out the STDIN feature for testing purposes on my iBook and the
following behavior was shown. I had not typed in my password at all for quite
some time via sudo and it granted my access instantly after I tried the commands
listed below:

dhcp196-181:~ gman$ sudo -S gman
Password:
dhcp196-181:~ gman$ sudo -S gman bash
Password:
sudo: gman: command not found
dhcp196-181:~ gman$ sudo -S=gman bash
sudo: please use single character options
dhcp196-181:~ root# sudo --version
sudo: please use single character options
usage: sudo -K | -L | -V | -h | -k | -l | -v
usage: sudo [-HPSb] [-p prompt] [-u username|#uid]
            { -e file [...] | -i | -s | <command> }
dhcp196-181:~ root# sudo -V       
Sudo version 1.6.8p5

Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: local2
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Send mail if the user is not in sudoers
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Allow some information gathering to give useful error messages
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 5 minutes
Password prompt timeout: 0 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to authentication timestamp dir: /var/run/sudo
Default password prompt: Password:
Default user to run commands as: root
Path to the editor for use by visudo: /usr/bin/vi
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
Environment variables to check for sanity:
        LANGUAGE
        LANG
        LC_*
Environment variables to remove:
        BASH_ENV
        ENV
        TERMCAP
        TERMPATH
        TERMINFO_DIRS
        TERMINFO
        DYLD_*
        _RLD*
        LD_*
        PATH_LOCALE
        NLSPATH
        HOSTALIASES
        RES_OPTIONS
        LOCALDOMAIN
        CDPATH
        IFS
Local IP address and netmask pairs:
        128.95.196.181 / 0xffffff00

Comment 1 Todd C. Miller 2005-10-28 13:07:39 MDT

Unable to reproduce on Mac OS X Panther or Tiger