F22 System Wide Change: Set sshd(8) PermitRootLogin=no
Adam Williamson
adamwill at fedoraproject.org
Tue Jan 20 02:15:20 UTC 2015
On Mon, 2015-01-19 at 14:23 -0500, Miloslav Trmač wrote:
> > On Fri, 2015-01-16 at 15:39 +0100, Lubomir Rintel wrote:
> > >
> > > There's a chance of a successful exploitation that would result
> > > in obtaining my privileges. Sure, gaining access to my account
> > > is bad enough, but if I run "su" or "sudo", they have root!
> >
> > Along these lines, someone pointed out a rather nasty attack
> > vector via sudo the other day:
> >
> > http://blog.grdryn.me/blog/fedora/prank-alias-sudo-in-bash.html
> >
> > so...you'd better remember to call it with \ every time...:)
>
> This is a „movie plot threat“, proposing a specific attack and a
> specific mitigation, but doing nothing about the immediately
> available alternative attacks. For example, I could edit ~/.profile
> to replace the running bash with a modified copy that ignores (or
> even specifically hijacks) the \ in \sudo.
>
> At a first glance it seems to me there in principle can’t be a way
> to protect against a modified shell environment from within that
> environment because that environment can lie to you about any system
> output, or to the system about any your input. (So even having a
> trusted “antivirus service” running outside of the shell and
> protected against it wouldn’t be useful because from the shell you
> could never be sure that you are talking to that trusted service.¹)
> Mirek
>
Sure, I just meant it as a handy and clear demonstration of the
principle that if you can compromise the environment of a user with
sudo or other admin privileges, you're about 97% of the way to root in
any case.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
More information about the devel
mailing list