[Mageia-sysadm] Usernames, uids, and groups

nicolas vigier boklm at mars-attacks.org
Wed Nov 10 18:54:01 CET 2010


On Wed, 10 Nov 2010, Luca Berra wrote:

> On Wed, Nov 10, 2010 at 06:25:38PM +0100, nicolas vigier wrote:
>> On Wed, 10 Nov 2010, Luca Berra wrote:
>>
>>> On Wed, Nov 10, 2010 at 01:32:47PM +0100, Michael Scherer wrote:
>>>> Le mercredi 10 novembre 2010 à 11:55 +0100, nicolas vigier a écrit :
>>>>> On Wed, 10 Nov 2010, Luca Berra wrote:
>>>>>
>>>>> > 2) Accountability. No idea in France, but here system administrators
>>>>> > need to be accounted (*).
>>>>>
>>>>> When someone runs "sudo su -" or something equivalent there is no
>>>>> accountability on what he did after that.
>>>>
>>>> Even more cunning, emacs or vim can run processes ( except that vim has a
>>>> mode where it can prevent it with -Z, do not know for emacs ).
>>>
>>> it is better to use sudoedit for editing files, it will copy the
>>> original file to a temporary copy, revert to caller uid, let user edit
>>> the file, and move it into place afterwards.
>>
>> Unless the list of files you are allowed to edit is very limited, it is
>> very easy to open a root shell by editing a config file.
> not with sudoedit

With sudoedit too. Many config files are shell scripts or perl scripts
that you can edit to run other commands. Many config files also contain
paths for programs, libraries or plugins, environment variables or
other things that you can use to run anything you want. So unless you
can edit only a very limited number of files, there are many ways to
open a root shell.

>>> another option is using noexec (sudo will preload a shlib overriding
>>> exec calls)
>>
>> But you have an editor running as root, and you can then edit any file.
> the idea is that the editor runs as unprivileged user

I was talking about noexec option here.
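As an added illustration of the point made in this thread (not part of the original message or of the Mageia sysadm configuration), a sudoers fragment placing the broad sudoedit grant discussed above beside a narrower one; the user name, file list and log directory are assumed:

```sudoers
# Broad grant: any file under /etc may be edited via sudoedit.
# Many of those files are shell or perl scripts, or name programs,
# libraries and plugins to load, so the grant is effectively a path
# to a root shell even though the editor itself runs unprivileged.
alice ALL = sudoedit /etc/*

# Narrower grant: a short explicit list of plain data files (no
# scripts, no files naming executables), plus noexec so a command
# run through sudo (an editor, for instance) cannot exec other
# programs, and I/O logging so each session is recorded and can be
# attributed to the caller afterwards.
Defaults noexec
Defaults log_output
Defaults iolog_dir=/var/log/sudo-io
alice ALL = sudoedit /etc/hosts, sudoedit /etc/motd
```

The recorded sessions can be replayed with `sudoreplay`, which is what gives the per-administrator accountability asked for earlier in the thread.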
