limiting commands to directories
Matthew Hannigan
mlh at zip.com.au
Thu Aug 29 10:03:34 EDT 2002
Saxon, Lamar wrote:
> Can't you simply create a command alias like:
>
> Cmnd_Alias CHMOD=/usr/bin/chown userid /local/develop/*
>
> Seems to work fine in my environment...
>
> Lamar
No good. The user can do:
sudo chown me /local/develop/../../../../../../etc/passwd
and then become root after s/he edits the passwd file.
The * doesn't match a / in the command, but it matches
anything in the command's args.
Bottom line, do not rely on pattern matching in sudoers.
Use wrapper scripts!
Matt
PS another pitfall:
EVEN if the pattern matching did not match a /, I can become
root if I can write to /local/develop: I can create a symlink:
ln -s /etc/passwd /local/develop/mylink
and then chown mylink, which chowns /etc/passwd, not the link.
You need to force use of the -h flag on chown to prevent this one.
More information about the sudo-users
mailing list