[sudo-users] Restricting / Limiting permission/ownership of targeted binaries?
A. James Lewis
james at fsck.co.uk
Mon Apr 26 10:20:17 MDT 2021
On 26/04/2021 17:04, Grant Taylor via sudo-users wrote:
> On 4/26/21 7:25 AM, A. James Lewis wrote:
>> Hi,
>
> Hi,
>
>> I've been trying to figure out if there's a way to cause sudo to
>> validate that a particular binary has "secure permissions", before
>> allowing it to run, in the same way that sshd will not use an
>> "authorized_keys" file if it has insecure permissions.
>
> I'm not aware of anything being built into sudo to check this.
>
> Note: My ignorance of such a feature does not preclude it from existing.

Indeed.... I could not find anything in the "sudo" documentation
either... although as I mentioned, the last time I posted here, the
feature I wanted was in the /next/ release... so I guess there's a
chance it might not be in the documentation.. :)

>
>> Any advice/suggestions etc. would be appreciated... The last time I
>> mentioned something here, the answer was "ahh, the next version of sudo
>> can do that"... so, here's hoping for another miracle.
>
> Have you considered sudo's ability to check a hash of the binary in
> question? I would think that a hash of a known good version of the
> file would be quite difficult to fake with a maliciously modified
> version. Despite the permissions of the file and its (parent)
> directory(ies).

Yes, I have considered this... in fact the feature I wanted last time was
the ability to define a rule based on the hash alone, so that the actual
path to the command did not matter... This became possible in 1.9 I believe.

It would make a lot of sense to include a hash of a known good version,
but in this case... there are many different machines of different
versions involved, and I do not know the specific hash of the binaries
in question... there may indeed be many different versions and they may
change when the application is patched.

My problem is one of "too many cooks",... leading to a possibility that
permissions could be changed by someone who lacks understanding of the
implications... and I want to ensure that sudo would cease to run the
command with escalated privileges, in the same way that sshd would cease
to allow logins based on "authorized_keys" if the permissions of that
file were insecure.

Perhaps it is a feature that would be useful for others as well?....
--
*ค. ﻝค๓єร ɭєฬเร* (james at fsck.co.uk)
"Engineering does not require science. Science helps a lot but people
built perfectly good brick walls long before they knew why cement works."
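
Added example, not part of the original message and not a sudo feature: a stand-alone check in the spirit of the sshd behaviour described above, reporting when a command named in a sudoers rule, or any directory above it, is not owned by a trusted uid or is writable by group or others. The names `insecure_reasons`, `trusted_uids` and `stop_at` are hypothetical, and the "secure" criteria (trusted owner, no group/other write bit) are assumptions of this sketch.

```python
import os
import stat
import sys


def insecure_reasons(path, trusted_uids=(0,), stop_at="/"):
    """Return reasons why `path` is unsafe to run with elevated privileges.

    The file and every directory from it up to `stop_at` must be owned by a
    uid in `trusted_uids` and must not be writable by group or others.
    """
    real = os.path.realpath(path)      # check the real target, not a symlink
    stop = os.path.realpath(stop_at)
    try:
        st = os.stat(real)
    except OSError as exc:
        return [f"{real}: cannot stat ({exc.strerror})"]
    reasons = []
    if not stat.S_ISREG(st.st_mode):
        reasons.append(f"{real}: not a regular file")
    current = real
    while True:
        st = os.stat(current)
        if st.st_uid not in trusted_uids:
            reasons.append(f"{current}: owned by untrusted uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            reasons.append(f"{current}: writable by group/others ({mode:04o})")
        parent = os.path.dirname(current)
        if current == stop or parent == current:   # reached stop_at or "/"
            break
        current = parent
    return reasons


if __name__ == "__main__":
    # Usage: pass the command paths that appear in sudoers rules.
    failed = False
    for command in sys.argv[1:]:
        for reason in insecure_reasons(command):
            print(f"INSECURE {reason}")
            failed = True
    sys.exit(1 if failed else 0)
```

Run as a periodic audit, this catches a permission change on any host without needing a per-version hash. Used as a pre-exec wrapper it is only advisory, because the permissions can change between the check and the exec.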