[sudo-users] How to prevent privilege escalation attacks through sudo?

Michael L Griffin milegrin at gmail.com
Fri Jan 12 00:37:25 EST 2007


Greetings

  I agree that prevention is better than cure and once infected better to
blat and start again. That being said, it would be good to be able to
prevent malicious execution, possibly through command feedback (at least you
can see if anything got run in the background).

  Limiting it to one iteration could possibly break some of its uses in
extended command line arguments or scripts, e.g.:
"sudo find /restricted_path/ | xargs sudo rm"

  A wrapper script could also be used but that is a little dirty.


  Any ideas?


-- 
_______________________________________
( R e g a r d s                         )
(                                       )
( M i c h a e l  L  G r i f f i n       )
( michael at griffin.org.za                )
( http://www.griffin.org.za             )
( Fax : +27 86 670 8945                 )
( Cel : +27 83 462 0462                 )
(                                       )
( Next step in OS evolution is found on )
( the command line...                   )
(                       .: L I N U X :. )
---------------------------------------
   o
    o
        .--.
       |o_o |
       |:_/ |
      //   \ \
     (|     | )
    /'\_   _/`\
    \___)=(___/
Confucius: He who play in root,
           eventually kill tree.



On 11/01/07, Bob Proulx <bob at proulx.com> wrote:
>
> David wrote:
> > Question: In a distro where sudo is enabled by default (eg Ubuntu),
> > how are privilege escalations via sudo avoided?
>
> The same as when sudo is not enabled.
>
> > 2) Bob's user account gets compromised (eg, he views an image that
> > exploits a buffer overrun in libpng)
>
> Bob's box is now completely suspect either with or without sudo.  Take
> the disk offline and image it for forensic analysis of how the exploit
> occurred.  Wipe the disk clean and install fresh from known good
> sources.  Take corrective action to avoid the previous exploit.
>
> Bob
>
> --
> But I don't even know Alice.  :-)
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>


