[sudo-users] Distributing the sudoers file using rsync as a non root user
Paul M. Lambert
plambert at plambert.net
Fri Oct 1 00:00:43 EDT 2004
On Sep 30, 2004, at 7:43 AM, Martin Schröder wrote:
> On 2004-09-30 16:15:33 +0200, martin f krafft wrote:
>> You are effectively giving the rsync user root rights to the local
>> and all remote machines. rsync can read /etc/shadow, and rsync can
>> copy binaries between machines (and locally) as root, preserving
>> permissions. yay, setuid shells!
>
> Yes. :-{
> This can be controlled a bit by setting options in
> ~/.ssh/authorized_keys
>
>
authorized_keys can only control what command is run. in this case,
that command is rsync, and it can write to any file it has write
privileges to. running it as root gives it write privileges to every
file, so it can essentially do anything it wants.
authorized_keys can't say "let the user run rsync, but don't let it
write to anything but /etc/sudoers," and even if it could, it wouldn't
help, because that's enough to compromise a system.
giving any local user write access to /etc/sudoers allows that user to
give itself full root privileges. changing the mechanism of writing to
something confusing like rsync doesn't change the outcome.
just as you wouldn't give a person you don't want in your house the job
of holding on to your housekeys and deciding who to give them to, any
account you allow to write to the sudoers file can put itself in it.
--plambert
More information about the sudo-users
mailing list