[sudo-users] Distributing the sudoers file using rsync as a non root user

Paul M. Lambert plambert at plambert.net
Fri Oct 1 00:00:43 EDT 2004

On Sep 30, 2004, at 7:43 AM, Martin Schröder wrote:

> On 2004-09-30 16:15:33 +0200, martin f krafft wrote:
>> You are effectively giving the rsync user root rights to the local
>> and all remote machines. rsync can read /etc/shadow, and rsync can
>> copy binaries between machines (and locally) as root, preserving
>> permissions. yay, setuid shells!
> Yes. :-{
> This can be controlled a bit by setting options in 
> ~/.ssh/authorized_keys

authorized_keys can only control what command is run.  in this case, 
that command is rsync, and it can write to any file it has write 
privileges to.  running it as root gives it write privileges to every 
file, so it can essentially do anything it wants.

authorized_keys can't say "let the user run rsync, but don't let it 
write to anything but /etc/sudoers," and even if it could, it wouldn't 
help, because that's enough to compromise a system.

giving any local user write access to /etc/sudoers allows that user to 
give itself full root privileges.  changing the mechanism of writing to 
something confusing like rsync doesn't change the outcome.

just as you wouldn't give a person you don't want in your house the job 
of holding on to your housekeys and deciding who to give them to, any 
account you allow to write to the sudoers file can put itself in it.


More information about the sudo-users mailing list