[sudo-users] How to know real uid/gid?
jw at raven.inka.de
Fri May 26 03:34:15 EDT 2006
On Fri, May 26, 2006 at 10:16:15AM +1000, Matthew Hannigan wrote:
> On Thu, May 25, 2006 at 09:27:18PM +0200, Josef Wolf wrote:
> > > You've got env vars SUDO_UID and SUDO_GID ...
> > Ough, I must have been blind! Thanks for the hint, Matthew!
> > > So I guess you can set[ug]id to those if you wanted to 'drop'
> > > privs. Be careful that they're not tainted though.
> > Isn't this set by sudo? So how they can be tainted? How would one try
> > to exploit that?
> Er, with difficulty :-) unless the thing you're
> spawning is an interpreter or has some internal
> language that lets you change env vars.
As long as the vars are captured before the user has a chance to change
them, it should be safe.
> I'm straining my brain to come up with one off the
> top of my head, but maybe a for instance is a
> restricted shell, such as rksh? Or a perl
> driven interactive program which does not
> bother to inhibit certain perl operations?
In such a case you have lost either way, I think.
>From your last reply, I assumed that there would be a way to fool sudo to
set the vars wrong. Or that it would be possible to change the vars just
_before_ my (perl) script is called.
So, as long as the vars are set correctly when my script starts executing
its statements, I should be safe, I think.
More information about the sudo-users