[sudo-users] Sudo's secure path option can be circumvented
Todd C. Miller
Todd.Miller at courtesan.com
Thu Jun 3 14:56:33 EDT 2010
In message <OFB6E11586.5FBDCD72-ON85257737.004E6214-85257737.004EED8F at ca.ibm.co
so spake (yaberger):
> I've just received the following security alert:
> I've a few questions concerning this part:
> Sudo "secure path" feature works by replacing the PATH environment
> variable with a value specified in the sudoers file, or at compile time if
> the --with-secure-path configure option is used.
> Is there any configuration related to that in sudoers or is it only a
> configure/compile option?
Sudo 1.7.0 and higher has the "secure_path" Defaults setting in
sudoers. For older versions of sudo it was a compile-time option.
> Can you confirm that this doesn't apply if sudo is not configured with the
> --with-secure-path option?
> By default, is this option set to yes if you configure with the default
> options (./configure)?
> Is it possible to determine if your sudo has been built with this
> configuration option (in sudo -V output probably)?
For sudo 1.6.0 and higher if you run "sudo -V" as root you will
see something like this:
    Value to override user's $PATH with: /usr/bin:/bin
if sudo has been built with --with-secure-path enabled.
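The check described in the reply above, as an added example that is not part of the original message or of sudo itself: it reads the two places the reply names (the "sudo -V" line and a sudoers Defaults entry) and goes one step beyond the thread by testing that every entry in the resulting path is absolute. The function names and sample inputs are constructed for illustration, and the sudoers parser assumes one setting per Defaults line.

```shell
#!/bin/sh
# Added example, not from the original post: locate sudo's secure path setting.

# Read `sudo -V` output (run as root) on stdin and print the PATH override.
# Returns 1 when the line is absent.
secure_path_from_sudo_v() {
    awk -v p='Value to override user'\''s $PATH with: ' '
        { sub(/^[ \t]+/, "") }
        index($0, p) == 1 { print substr($0, length(p) + 1); found = 1; exit }
        END { exit !found }'
}

# Read sudoers text on stdin and print the value of a global
# "Defaults secure_path=..." line (sudo 1.7.0 and higher). Returns 1 if none.
# Assumption: one setting per Defaults line; the last such line is reported.
secure_path_from_sudoers() {
    sed -n 's/^[[:space:]]*Defaults[[:space:]]\{1,\}secure_path[[:space:]]*=[[:space:]]*//p' |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/' | tail -n 1 | grep .
}

# Return 0 only if every colon-separated entry is an absolute path.
path_entries_absolute() {
    case "$1" in
        ''|:*|*:|*::*) return 1 ;;  # empty entry means the current directory
        [!/]*|*:[!/]*) return 1 ;;  # relative entry, "." included
    esac
    return 0
}

# Constructed sample inputs, not captured from a real host.
SAMPLE_SUDO_V='Sudo version 1.6.9
Value to override user'\''s $PATH with: /usr/bin:/bin'
SAMPLE_SUDOERS='# Defaults secure_path="/tmp"
Defaults env_reset
Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"'

built_in=$(printf '%s\n' "$SAMPLE_SUDO_V" | secure_path_from_sudo_v)
from_sudoers=$(printf '%s\n' "$SAMPLE_SUDOERS" | secure_path_from_sudoers)
for p in "$built_in" "$from_sudoers"; do
    if path_entries_absolute "$p"; then echo "ok:   $p"; else echo "weak: $p"; fi
done
```

On a real host, replace the sample variables with the output of "sudo -V" run as root and the contents of the sudoers file.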