F22 System Wide Change: Set sshd(8) PermitRootLogin=no

Miloslav Trmač mitr at redhat.com
Mon Jan 19 19:23:53 UTC 2015


> On Fri, 2015-01-16 at 15:39 +0100, Lubomir Rintel wrote:
> > 
> > There's a chance of a successful exploitation that would result in
> > obtaining my privileges. Sure, gaining access to my account is bad
> > enough, but if I run "su" or "sudo", they have root!
> 
> Along these lines, someone pointed out a rather nasty attack vector
> via sudo the other day:
> 
> http://blog.grdryn.me/blog/fedora/prank-alias-sudo-in-bash.html
> 
> so...you'd better remember to call it with \ every time...:)

This is a „movie plot threat“, proposing a specific attack and a specific mitigation, but doing nothing about the immediately available alternative attacks.  For example, I could edit ~/.profile to replace the running bash with a modified copy that ignores (or even specifically hijacks) the \ in \sudo.

At first glance it seems to me there in principle can’t be a way to protect against a modified shell environment from within that environment because that environment can lie to you about any system output, or to the system about any of your input.  (So even having a trusted “antivirus service” running outside of the shell and protected against it wouldn’t be useful because from the shell you could never be sure that you are talking to that trusted service.¹)
   Mirek

¹ Well, establish a TLS channel through the malicious shell directly to the antivirus… Just no.
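
Added example, not part of the original message: the startup-file tampering discussed in this thread (an alias or function named sudo or su, or an exec in ~/.profile that swaps the running shell) can be looked for from outside the affected session. The names audit_home and scan, the reason labels and the patterns are this example's own assumptions, and the sample files used to exercise it are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): list lines in a user's shell startup
# files that shadow sudo/su or exec another program in place of the shell.
# Assumption: run as root or from another trusted account or boot medium;
# a modified shell can falsify the output of anything run inside it.

STARTUP_FILES=".profile .bash_profile .bash_login .bashrc .bash_aliases"

# Hypothetical patterns chosen for this example; matches are for human review.
CMD_START='(^|[;&|[:space:]])'
RE_ALIAS="$CMD_START"'alias[[:space:]]+(.*[[:space:]])?(sudo|su)='
RE_FUNC="$CMD_START"'((function[[:space:]]+)?(sudo|su)[[:space:]]*\(\)|function[[:space:]]+(sudo|su)([[:space:]{]|$))'
RE_EXEC="$CMD_START"'exec[[:space:]]+[^[:space:]]'

# scan FILE REASON REGEX: print "file:line:reason:text" for each match,
# skipping lines that are entirely a comment.
scan() {
    grep -nE -- "$3" "$1" | grep -vE '^[0-9]+:[[:space:]]*#' |
        while IFS=: read -r n text; do
            printf '%s:%s:%s:%s\n' "$1" "$n" "$2" "$text"
        done
}

# audit_home HOME_DIR: print all findings; return 0 if none, 1 otherwise.
audit_home() {
    _findings=$(
        for _f in $STARTUP_FILES; do
            [ -f "$1/$_f" ] || continue
            scan "$1/$_f" alias-shadows-sudo "$RE_ALIAS"
            scan "$1/$_f" function-shadows-sudo "$RE_FUNC"
            scan "$1/$_f" exec-replaces-shell "$RE_EXEC"
        done
    )
    [ -z "$_findings" ] && return 0
    printf '%s\n' "$_findings"
    return 1
}

# Stand-alone use: sh audit.sh /home/someuser
if [ "$#" -gt 0 ]; then
    audit_home "$1"
    exit $?
fi
```

A clean result only says these files contain none of the three patterns; it does not cover other ways of altering the environment, which is the point the message makes about chasing one specific attack.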

