| 1 |
On Sun, 18 Apr 2010 08:29:37 +1000 |
| 2 |
Lie Ryan <lie.1296@×××××.com> wrote: |
| 3 |
|
| 4 |
> sudoedit is mainly just a shortcut for "sudo $EDITOR" (plus doing a few |
| 5 |
> things). |
| 6 |
|
| 7 |
sudoedit is safer then sudo because sudoedit runs as root but nano (The editor) runs as your user. |
| 8 |
sudoedit uses a fixed path which is compiled into the program (The was a thread about changing the editor on this mailing some time ago. ). |
| 9 |
|
| 10 |
> Everything above (su,sudo,policykit,polkit) are just sugar for |
| 11 |
> permission bits (owner,group,others+SUID,GUID); attempting to give finer |
| 12 |
> control over the permissions or provide convenience services. |
| 13 |
|
| 14 |
Mess up the configuration and you may as well hand out the root password. |
| 15 |
|
| 16 |
> The basis of all Linux security scheme is the file permission bits |
| 17 |
> (owner,group,other) and the SUID/GUID bit (ACL is a distinct security |
| 18 |
> scheme, so we're explicitly excluding it here). Everything else is just |
| 19 |
> sugar. If you want to lock everything, just remove the SUID/GUID-bit |
| 20 |
> from all executables in your system (except for a select few) and remove |
| 21 |
> all groups (make sure you know what you're doing though, lots of program |
| 22 |
> won't work if you really do that). Starting from step zero, you can have |
| 23 |
> very fine control over everything. |
| 24 |
|
| 25 |
I just checked my system for files not owned by me and had a non root group set to rw. |
| 26 |
I found "/usr/share/games/eternal-lands" with rw set and all the sub-folders and files. |
| 27 |
It would be very easy to do a DOS attack on a system side partition but then again |
| 28 |
the same could be said about "/tmp". |
| 29 |
|
| 30 |
If you setup quotas for the users home folder. Ones the home folder is full the |
| 31 |
user will look for another place to save they files. |
| 32 |
When I was at school. A kid ran out of space so he started to move his files to the recycling bin, before creating |
| 33 |
his new files. Of course the recycling bin had no quota nor was it backed up. |
| 34 |
Some time after that the admin set a quota on the recycling bin and the kid asked why he could not save. |
| 35 |
So I showed him how to empty his recycling bin. I was 10 second away from deleting all his work |
| 36 |
before he pointed out he keeps his work in there! |
| 37 |
That was some fun on windows but it could happen with Linux "/tmp" is wiped after each reboot and any |
| 38 |
other places that is not backed up, does not have quota and the user can write to. |
| 39 |
|
| 40 |
> Most security holes in Linux comes from a SUID program that lets |
| 41 |
> untrusted programs into the "trusted-space". |
| 42 |
|
| 43 |
53 SUID or GUID programs on my system! |
| 44 |
Why does cdrecord have SUID set? |
| 45 |
"/dev/sr0" is in the cdrom group with rw set so |
| 46 |
SUID should not be needed in the first place. |
| 47 |
|
| 48 |
> If you want simplify your environment, you can clear all the `group` and |
| 49 |
> `other` permission bits from all files in your computer and everyone |
| 50 |
> (except root) will only have access to files they own. Then you can |
| 51 |
> start adding permissions on case-by-case basis. Too much hassle though, |
| 52 |
> I think. |
| 53 |
|
| 54 |
I could remove other from all the SUID programs then setup a ACL group that could run then. |
| 55 |
That would stop RandomFool from running then in the first place. |
| 56 |
I could see that being useful for say "mount" (Yes it's has SUID set). If the was security hole in it. |
| 57 |
|
| 58 |
> the only way the program can chmod a file in your home folder is because |
| 59 |
> the program have the permission to chmod a file in your home folder. The |
| 60 |
> only program that have permission to chmod a file in your home folder is |
| 61 |
> the one run with EUID-root or EUID-owner. The only way a program can be |
| 62 |
> run with EUID root is they are executed by root himself or a SUID-root |
| 63 |
> program. The only way a program can be run with EUID owner is SUID-owner |
| 64 |
> program or program executed by the owner himself. |
| 65 |
|
| 66 |
What does the E in EUID stand for? |
| 67 |
I did a quick Google and found RUID and EUID but I did not find anything else. |
| 68 |
|
| 69 |
> However, I don't think buggy program is the case here. It is much more |
| 70 |
> likely that you accidentally runs chmod on your home folder when you |
| 71 |
> actually want to run it in another directory. |
| 72 |
|
| 73 |
No, this was before I used chmod for anything (read noob) I set the permissions back with nautilus |
| 74 |
but after each login or was reboot and login. The permissions got set back to o+rwx. |
| 75 |
The was a very help error box at login that said "The permissions for your home folder are set wrong.". |
| 76 |
That was the helpful version the real version was talking about some file in "~/.config". |
| 77 |
|
| 78 |
> You can use this to find all SUID program accesible by your user: |
| 79 |
> find / -perm -u+s -exec ls -l '{}' \; 2> /dev/null |
| 80 |
|
| 81 |
Yes, I have being making use of this page http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=6 |
| 82 |
for a long time. |
| 83 |
|
| 84 |
> I found sudo, although very handy for desktop, is a huge security hole. |
| 85 |
> And is inadequate for any secure system. This is simply because if you |
| 86 |
> run a program as sudo, then in the next five minute you start a |
| 87 |
> malicious program *without* sudo; the malicious program can gain root |
| 88 |
> access by stealing your previous sudo's timestamp (yes, it can steal the |
| 89 |
> timestamp without being explicitly invoked with sudo[1]). Before running |
| 90 |
> a potentially untrusted program, you must explicitly kill your sudo |
| 91 |
> timestamp with `sudo -k` or set sudo to not use timestamp. Better yet, |
| 92 |
> don't use sudo on secure systems. |
| 93 |
|
| 94 |
Wow... I never thought about that. I run sudo on my system 4 to 6 times a day if not more. |
| 95 |
Can tell me the setting please. I had a quick look at man pages and Gentoo docs but I did not see it. |
| 96 |
Gentoo sudo guide [1] could use a update about this. it was right under my nose but I missed it... |
| 97 |
|
| 98 |
If some leaves they PC for 5 mins you could run |
| 99 |
"nano ~/.bashrc" and add "export PATH=/home/user/.bin:$PATH" |
| 100 |
then make a file called "sudo" write something to nick the password and by it on to sudo and then clean up after it |
| 101 |
self. |
| 102 |
Just for fun I did that to one of my terminal tabs, with the script running "echo HAHA!". |
| 103 |
With in 20 minutes I had run sudo two times. |
| 104 |
|
| 105 |
|
| 106 |
[1] http://www.gentoo.org/doc/en/sudo-guide.xml |
Archives