[831] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] sudo limiting

daemon@ATHENA.MIT.EDU (Greg Spiegelberg)
Fri Jun 21 12:01:39 1996

From: Greg Spiegelberg <gs0@s1.GANet.NET>
To: blue@buttercup.cybernex.net (Blue)
Date: Thu, 20 Jun 1996 06:07:18 -0400 (EDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199606182119.RAA20576@buttercup.cybernex.net> from "Blue" at Jun 18, 96 05:19:49 pm

Blue said, and I indent...
--
--Greetings,
--
--The recent thread on sudo has brought a question to me for practical usage.
--
--How to implement administrative accounts which have the permission to 
--create or change passwords of arbitary users, without having access to 
--change the root password.
--
--I was implementing user adding facilities for a small group whom still 
--should not have root access via sudo and realized that they could just 
--change the root password.  I am loathe to do it with a setuid program, 
--even though then I can run the username through a filter, due to the 
--probelms having a program like that can create.
--
--Baring hacking passwd, or creating a restricted version of it, is there 
--any secure way around this delima?

I could be wrong here but for temporary fix you could modify the sudo
function set_perms() (line 759 of cu-sudo v1.4) to -not- set the effective
uid in all cases and replace your current passwd/npasswd/yppasswd
programs to check the euid.  setuid() in the latest libc still only
modifies the uid not euid, right?  Just a guess.

The other option is to not allow sudo users the passwd command(s).

--
Greg "Twotone" Spiegelberg - gs0@ganet.net
UNIX System Administrator/Crash Dummy
Lucent "But we'd rather be called AT&T Bell Labs" Technologies

home help back first fref pref prev next nref lref last post