| 1 |
On 11/05/2017 01:49, Adam Carter wrote: |
| 2 |
> I want to allow some fairly well trusted users the ablilty to do traces |
| 3 |
> with icmp. I can give them sudo, but how high is the risk of making |
| 4 |
> traceroute suid root? AFAIK making text editors or anything that has an |
| 5 |
> ability to run shell commands suid root is effectively giving them root |
| 6 |
> access, but other than exploiting vulnerabilities in traceroute itself, |
| 7 |
> are there any other issues? |
| 8 |
|
| 9 |
You have at least 3 approaches |
| 10 |
|
| 11 |
1. suid root. If you err on the side of the binary probably being OK, |
| 12 |
you will probably be fine. I don't know of any issues with traceroute, I |
| 13 |
have many systems where it ships suid root without issue (like ping) |
| 14 |
|
| 15 |
2. sudo, which frankly is a monumental PITA to maintain - it tends to |
| 16 |
grow and bloat and the syntax isn't easy to parse in your mind. It also |
| 17 |
doesn't let you give users access to a certain thing, you have to come |
| 18 |
up with all the commands that do that, then figure out a regex that |
| 19 |
matches what you want and nothing you don't want. A real PITA |
| 20 |
|
| 21 |
3. Capabilities, like John said. Ideally this is what you really want. |
| 22 |
User's can't run traceroute because they can't open raw sockets. |
| 23 |
Capabilities let you give them that permission, deftly avoiding |
| 24 |
questions as to the vuln status of the traceroute binary |
| 25 |
|
| 26 |
-- |
| 27 |
Alan McKinnon |
| 28 |
alan.mckinnon@×××××.com |
Archives