[sudo-users] [Slightly offtopic?] Finding executables that can spawn shells

L. A. Walsh sudo at tlinx.org
Sun Dec 21 16:33:28 MST 2014


Tim Bradshaw wrote:
> So the question is: does anyone have (pointers to) any set of tools which could semi-automate this process?  Platforms of most interest are Linux and Solaris, but unfortunately everything else as well (big old organisation).
The only thing I could think of that might help would be to
configure some type of system call auditing in a kernel
(like Linux) to allow an audit entry to be used to
collect programs that run 'exec' calls.

It's definitely not as 'static' as you seem to be wanting,
but it might be the next best thing to use with a default-NOEXEC
policy; that would quickly catch and alert you to which programs
are failing due to exec not working...?

If you have some idea of your userbase's most common or frequently
used programs, a test machine (or VM) with those programs could
be used to pre-test such policies if that was considered
important or desirable.

It may be that simply an audit-enabled kernel would work, dunno, but
I'd bet there's more than one way to do it...

Cheers,
L.
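As an added example, not part of the thread, here is a small parser over auditd execve records that recovers which program performed each exec (via the ppid of the record and the earlier record for that pid) and lists the callers that spawned a shell. The audit rule, the record layout and all pids, paths and timestamps are assumptions and constructed sample data, not output from a real system.

```python
"""Summarise Linux audit execve records by the program that performed the exec.
Assumes auditd with a rule like `-a always,exit -F arch=b64 -S execve -k exec`: each exec
yields a SYSCALL record (syscall=59 on x86_64) whose exe= is the new image and ppid= the
caller; the caller's own image is taken from the earlier record that carried that pid."""
import os
import re
from collections import defaultdict

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}

# Constructed records: sudo (pid 1200) starts vim and less; vim runs a shell, which runs ls; one exec from vim is refused (-13 is EACCES).
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1419204808.101:201): arch=c000003e syscall=59 success=yes exit=0 ppid=1100 pid=1200 auid=1000 uid=0 comm="sudo" exe="/usr/bin/sudo" key="exec"
type=SYSCALL msg=audit(1419204808.120:202): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1201 auid=1000 uid=0 comm="vim" exe="/usr/bin/vim" key="exec"
type=SYSCALL msg=audit(1419204815.330:203): arch=c000003e syscall=59 success=yes exit=0 ppid=1201 pid=1210 auid=1000 uid=0 comm="sh" exe="/usr/bin/dash" key="exec"
type=SYSCALL msg=audit(1419204816.002:204): arch=c000003e syscall=59 success=yes exit=0 ppid=1210 pid=1211 auid=1000 uid=0 comm="ls" exe="/usr/bin/ls" key="exec"
type=SYSCALL msg=audit(1419204818.500:205): arch=c000003e syscall=59 success=no exit=-13 ppid=1201 pid=1212 auid=1000 uid=0 comm="vim" exe="/usr/bin/vim" key="exec"
type=SYSCALL msg=audit(1419204820.444:206): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1300 auid=1000 uid=0 comm="less" exe="/usr/bin/less" key="exec"
"""

def parse_record(line):
    """Split one audit record into a dict of key=value fields, quotes stripped."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def spawn_map(log_text):
    """Map each exec-calling image to the set of images it spawned (single in-order pass)."""
    image, spawned = {}, defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL" or rec.get("syscall") != "59":
            continue
        parent = image.get(rec["ppid"], "<unknown ppid=%s>" % rec["ppid"])
        if rec.get("success") == "yes":
            spawned[parent].add(rec["exe"])
            image[rec["pid"]] = rec["exe"]  # this pid now runs the new image
        else:  # a refused exec still tells you which program tried
            spawned[parent].add("FAILED exec (exit=%s)" % rec.get("exit"))
    return dict(spawned)

def shell_spawners(spawned):
    """Sorted list of callers that spawned something whose basename is a shell."""
    return sorted(p for p, kids in spawned.items()
                  if any(os.path.basename(k) in SHELLS for k in kids))

if __name__ == "__main__":
    for parent, kids in sorted(spawn_map(SAMPLE_AUDIT_LOG).items()):
        print(parent, "->", ", ".join(sorted(kids)))
```

On a real host, feed it `ausearch -k exec --raw` output instead of the constructed string; records without an earlier exec for the ppid show up under an "unknown" parent.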
