[sudo-users] How to prevent privilege escalation attacks through sudo?

Bob Proulx bob at proulx.com
Thu Jan 11 12:10:41 EST 2007


David wrote:
> Question: In a distro where sudo is enabled by default (eg Ubuntu),
> how are privilege escalations via sudo avoided?

The same as when sudo is not enabled.

> 2) Bob's user account gets compromised (eg, he views an image that
> exploits a buffer overrun in libpng)

Bob's box is now completely suspect either with or without sudo.  Take
the disk offline and image it for forensic analysis of how the exploit
occurred.  Wipe the disk clean and install fresh from known good
sources.  Take corrective action to avoid the previous exploit.

Bob

-- 
But I don't even know Alice.  :-)


