Bug 267 - Shell Execution
Status: RESOLVED INVALID
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.6.5
Platform: IBM AIX
Importance: high security
Assigned To: Todd C. Miller
Depends on:
Blocks:
Reported: 2007-10-30 14:56 MDT by Debasisha Padhi
Modified: 2007-10-30 16:39 MDT

Description Debasisha Padhi 2007-10-30 14:56:55 MDT
Hello Sir,

We have created a standard sudoers file for all our servers (AIX, HP, SUN & Linux). We have created User_Alias, Host_Alias & Cmnd_Alias. In the User Alias Specification we have given the "ID --- Server --- Command" (for e.g., AIX   ALL  = /usr/bin/more). We found a problem in that. The problem is that when the user is logged in as AIX and does sudo more /etc/passwd and then presses "V", he is in the vi editor, and then he is able to edit the /etc/passwd file, save the file and come out of the file. Please let us know how to prevent that in IBM AIX, as we faced a couple of problems regarding the same. If you can provide the solution then I will be really grateful to you.

Similarly, the other problem is with the /usr/bin/chmod & /usr/bin/chown commands.

I kindly request you to provide the solution at the earliest possible so that we can implement the same in our environment.

With Kind Regards,

Debasisha
Comment 1 Todd C. Miller 2007-10-30 16:39:15 MDT
You can use the NOEXEC tag for this purpose.  See the section on NOEXEC in the sudoers man page.  In short, if you do things like:

junioradm   ALL = NOEXEC:/usr/bin/more

The user junioradm will be able to run the more command on any file but more will not be able to execute shell escapes or run the editor.
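As an added example (not from the bug report or from the sudo project): a Python check that reads a sudoers fragment, expands Cmnd_Alias entries and lists escape-capable commands such as more that are granted without the NOEXEC tag described above. The sample sudoers text and the list of escape-capable commands are constructed for the example; the tag-inheritance logic follows the sudoers rule that a tag applies to the command it precedes and to later commands in the same entry until the opposite tag appears.

```python
import re

# Constructed sample sudoers content (not from the bug report); the 'AIX' line
# mirrors the entry the reporter described, the other lines are invented.
SAMPLE_SUDOERS = """\
# Aliases
Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/less
Cmnd_Alias PERMS = /usr/bin/chmod, /usr/bin/chown
User_Alias ADMINS = alice, bob

AIX        ALL = /usr/bin/more
junioradm  ALL = NOEXEC: /usr/bin/more
ADMINS     ALL = PAGERS, NOEXEC: /usr/bin/vi
ops        ALL = (root) NOPASSWD: PERMS
"""

# Commands that can hand the user an editor or shell (assumed list; extend as needed).
SHELL_ESCAPE_CMDS = {"/usr/bin/more", "/usr/bin/less", "/usr/bin/vi", "/usr/bin/vim"}

SPEC_RE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(.*)$")   # user host = cmnd list
TAG_RE = re.compile(r"^([A-Z]+):\s*")                 # NOEXEC:, NOPASSWD:, ...
SKIP_PREFIXES = ("User_Alias", "Host_Alias", "Runas_Alias", "Defaults")

def parse_sudoers(text):
    """Return (cmnd_aliases, user_specs) parsed from a sudoers fragment."""
    aliases, specs = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        if line.startswith("Cmnd_Alias"):
            name, _, cmds = line[len("Cmnd_Alias"):].partition("=")
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
        elif not line.startswith(SKIP_PREFIXES):
            m = SPEC_RE.match(line)
            if m:
                specs.append((m.group(1), m.group(2), m.group(3)))
    return aliases, specs

def find_unprotected(text):
    """Return (user, host, command) triples for escape-capable commands granted without NOEXEC."""
    aliases, specs = parse_sudoers(text)
    hits = []
    for user, host, rest in specs:
        noexec = False                                 # tags persist across the list
        for item in rest.split(","):
            item = re.sub(r"^\([^)]*\)\s*", "", item.strip())   # drop (runas) prefix
            m = TAG_RE.match(item)
            while m:                                   # peel one or more tags
                tag, item = m.group(1), item[m.end():]
                if tag in ("NOEXEC", "EXEC"):
                    noexec = tag == "NOEXEC"
                m = TAG_RE.match(item)
            for cmd in aliases.get(item, [item]):      # expand Cmnd_Alias if present
                path = cmd.split()[0] if cmd else ""
                if path in SHELL_ESCAPE_CMDS and not noexec:
                    hits.append((user, host, path))
    return hits
```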