[sudo-users] How to know real uid/gid?
Matthew Hannigan
mlh at zip.com.au
Thu May 25 20:16:15 EDT 2006
On Thu, May 25, 2006 at 09:27:18PM +0200, Josef Wolf wrote:
> > You've got env vars SUDO_UID and SUDO_GID ...
>
> Ough, I must have been blind! Thanks for the hint, Matthew!
>
> > So I guess you can set[ug]id to those if you wanted to 'drop'
> > privs. Be careful that they're not tainted though.
>
> Isn't this set by sudo? So how they can be tainted? How would one try
> to exploit that?
Er, with difficulty :-) unless the thing you're
spawning is an interpreter or has some internal
language that lets you change env vars.
I'm straining my brain to come up with one off the
top of my head, but maybe a for instance is a
restricted shell, such as rksh? Or a perl
driven interactive program which does not
bother to inhibit certain perl operations?
Matt
More information about the sudo-users
mailing list