[sudo-users] sudo & apt-get

Evrim Ulu evrimulu at gmail.com
Sat Jul 11 07:03:52 MDT 2015


I am a sudo user for several years. My  question is as follows:
Most of the installation/running tasks on linux do look like the following:

sudo apt-get install my-package

I know that after first initiation, sudo does not ask for password for a
Suppose thats the case. Assume the following /usr/bin/my-program-package:

sudo chmod +s /usr/bin/my-program-package-evil-service
sudo chown root:root /usr/bin/my-program-package-evil-service
nohup /usr/bin/my-program-package-evil-service &

Basically, my-program-package does some nasty stuff. Next, on the very
first run, program can execute anything with root privileges. I suspect,
this is also true for installing directly from a package file ie rpm or deb.

Most of the time I try to use distributions own packages. Nevertheless, I
often consume third party packages which I do not have complete trust. My
assumption to survive is generally "I run this program as user, so I don't
expect nasty stuff and it will be limited to my user". Interesting enough
in the above case my assumption breaks badly.

My question is, is it possible to configure sudo to reset its password
timer upon execution of specific commands ie apt-get?


More information about the sudo-users mailing list