[sudo-users] How to prevent privilege escalation attacks through sudo?

David wizzardx at gmail.com
Thu Jan 11 01:22:47 EST 2007


Hi.

Question: In a distro where sudo is enabled by default (e.g. Ubuntu),
how are privilege escalations via sudo avoided?

E.g.:

1) Bob has an Ubuntu box with 2 users bob & root (ignoring the system accounts).

2) Bob's user account gets compromised (e.g., he views an image that
exploits a buffer overrun in libpng).

3) Sometime later, bob runs 'sudo apt-get update', and enters his password.

4) An evil script, installed at (2), now also runs 'sudo
install_evil_rootkit', and doesn't have to enter a password.

5) Profit (for the spammers/black hats).

I know there is a 'tty_tickets' option which prevents the same user
from logging on from different ttys during the 'ticket' period.

But what prevents the evil script from using the same tty? One
possibility is to update ~/.bash_profile so 'sudo' is aliased with
'start_evil; sudo'.

I think something like 'pid_tickets' in addition to 'tty_tickets'
would help here.

Or is there some other protection in sudo (against attacks like this
one) which I'm not aware of?

David
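An added example, not part of David's post and not code from the sudo project: the setting that closes the window in step (4) is the sudoers `Defaults timestamp_timeout` option (a real option; `timestamp_timeout=0` makes every sudo invocation ask for a password, and a negative value keeps the ticket forever). The script below audits a sudoers file for that option so an administrator can see which of the three states a box is in. The sample sudoers files it creates are constructed for the demonstration; `sudo_ticket_policy` and `make_sample` are names chosen here.

```shell
#!/bin/sh
# Added example (not from the original post): audit a sudoers file for the
# credential-cache setting that decides whether a second sudo on the same
# tty within the ticket period runs without a password.
# 'timestamp_timeout' is a real sudoers Defaults option; the sample files
# built below are constructed for this demonstration.

# Usage: sudo_ticket_policy /path/to/sudoers
# Prints "no-cache" when timestamp_timeout is 0 (every sudo asks for a
# password), "cache:<minutes>" when an explicit timeout is set (negative
# means the ticket never expires), or "cache:default" when the file leaves
# the compiled-in default in place.
sudo_ticket_policy() {
    # First sed: strip trailing comments, keep only Defaults lines.
    # Second sed: pull the numeric value out of timestamp_timeout=N.
    # The last occurrence wins, as it does in sudoers itself.
    timeout=$(sed -n 's/#.*//; /^[[:space:]]*Defaults/p' "$1" \
        | sed -n 's/.*timestamp_timeout[[:space:]]*=[[:space:]]*\(-\{0,1\}[0-9][0-9]*\).*/\1/p' \
        | tail -n 1)
    if [ -z "$timeout" ]; then
        echo "cache:default"
    elif [ "$timeout" -eq 0 ]; then
        echo "no-cache"
    else
        echo "cache:$timeout"
    fi
}

# Helper that writes a constructed sudoers file from its arguments,
# one line per argument, and prints the path.
make_sample() {
    f=$(mktemp)
    printf '%s\n' "$@" > "$f"
    echo "$f"
}

# Constructed samples: a 15-minute ticket, a disabled cache, and no setting.
sample_weak=$(make_sample 'Defaults env_reset' \
    'Defaults timestamp_timeout=15 # 15-minute ticket' \
    '%admin ALL=(ALL) ALL')
sample_hard=$(make_sample 'Defaults env_reset, timestamp_timeout=0' \
    '%admin ALL=(ALL) ALL')
sample_def=$(make_sample 'Defaults env_reset' '%admin ALL=(ALL) ALL')

sudo_ticket_policy "$sample_weak"   # cache:15
sudo_ticket_policy "$sample_hard"   # no-cache
sudo_ticket_policy "$sample_def"    # cache:default
```

Run it against the live file with `sudo_ticket_policy /etc/sudoers` (reading it needs root). Note what the setting does and does not cover: a zero timeout removes the ticket reuse in step (4), but it does nothing about a shell profile that has been trojaned to wrap `sudo`, which is the second problem the post raises; that one is a question of file integrity in the user's home directory, not of sudo's ticket handling.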
