[849] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] sudo limiting

daemon@ATHENA.MIT.EDU (JaDe)
Tue Jun 25 17:59:22 1996

From: jadestar@netcom.com (JaDe)
To: blue@buttercup.cybernex.net (Blue)
Date: Mon, 24 Jun 1996 14:13:14 -0700 (PDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199606182119.RAA20576@buttercup.cybernex.net> from "Blue" at Jun 18, 96 05:19:49 pm

> 
> Greetings,
> 
> The recent thread on sudo has brought a question to me for practical usage.
> 
> How to implement administrative accounts which have the permission to 
> create or change passwords of arbitary users, without having access to 
> change the root password.
> 
> I was implementing user adding facilities for a small group whom still 
> should not have root access via sudo and realized that they could just 
> change the root password.  I am loathe to do it with a setuid program, 
> even though then I can run the username through a filter, due to the 
> probelms having a program like that can create.
> 
> Baring hacking passwd, or creating a restricted version of it, is there 
> any secure way around this delima?


	One point I've made about sudo is that you should only 
	delegate the authority to people you trust -- people
	you'd *almost* trust with the root password itself.

	The value is that their actions are trackable (particularly
	if you syslog to a remote machine).  They leave an 
	audit trail.  They can't change root's password, shell
	to root and *change it back* (which 'sudo -c vipw' 
	would do BTW)

	You could certainly have sudo allow access to a 
	script -- possibly a taint perl script that does
	something like:

		if ($1 != "root" && $1 != "toor" ) then
			su -c 'passwd' $1

	(only with more restrictions on $1 to limit it to 
	a filename -- no IFS type exploits allowed).

	That leads me to the real question I had about sudo.

	How can I ensure that sudo executes in a sensible
	environments (no weird IFS or settings to change
	which shared libs are dynamically loaded etc)?


>    Jim "Blue" Carstensen
>    SysAdmin for Cybernex Inc.
>    blue@cybernex.net

home help back first fref pref prev next nref lref last post