Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Sat, 23 Oct 2004 03:38:23 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com
Subject: Re: sudo: why not?

Nico,

On Fri, Oct 22, 2004 at 02:32:37PM +0200, Nico -telmich- Schottelius wrote:
> Solar Designer [Wed, Oct 20, 2004 at 11:55:16PM +0400]:
> > [su and sudo security problems]
> 
> Well, this is not a problem anymore, if you use enhanced
> kernel security. For instance using RSBAC (www.rsbac.org)
> one can define exaclty what program and which user may use
> setuid from which uid to which uid.

RSBAC is great, but I feel that you've missed the point.  If it would
be permitted for a non-root user to su to root, then anyone who could
have compromised the user's account[1] would also be able to hijack a
su session[2] and then su to root himself.  This attack is not affected
by kernel policy enforcement in any way.

[1] Such a compromise could occur in a variety of ways: Web/FTP/etc.
client vulnerabilities, password snooping, etc.

[2] For example, edit the user's shell startup scripts to make su an
alias for a custom su wrapper program.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux