On Sun, 18 Apr 2010 08:29:37 +1000
Lie Ryan <lie.1296@×××××.com> wrote:

> sudoedit is mainly just a shortcut for "sudo $EDITOR" (plus doing a few
> things).

sudoedit is safer than sudo because sudoedit runs as root but nano (the editor) runs as your user.
sudoedit uses a fixed path which is compiled into the program (there was a thread about changing the editor on this mailing list some time ago).

> Everything above (su, sudo, policykit, polkit) is just sugar for
> permission bits (owner, group, others + SUID, GUID); attempting to give finer
> control over the permissions or provide convenience services.

Mess up the configuration and you may as well hand out the root password.

> The basis of all Linux security schemes is the file permission bits
> (owner, group, other) and the SUID/GUID bit (ACL is a distinct security
> scheme, so we're explicitly excluding it here). Everything else is just
> sugar. If you want to lock everything, just remove the SUID/GUID bit
> from all executables in your system (except for a select few) and remove
> all groups (make sure you know what you're doing though, lots of programs
> won't work if you really do that). Starting from step zero, you can have
> very fine control over everything.

I just checked my system for files not owned by me that had a non-root group set to rw.
I found "/usr/share/games/eternal-lands" with rw set, and all the sub-folders and files.
It would be very easy to do a DoS attack on a system-side partition, but then again
the same could be said about "/tmp".

If you set up quotas for the users' home folders, once the home folder is full the
user will look for another place to save their files.
When I was at school, a kid ran out of space, so he started to move his files to the recycling bin before creating
his new files. Of course the recycling bin had no quota, nor was it backed up.
Some time after that the admin set a quota on the recycling bin and the kid asked why he could not save.
So I showed him how to empty his recycling bin. I was 10 seconds away from deleting all his work
before he pointed out he kept his work in there!
That was some fun on Windows, but it could happen with Linux too, with "/tmp" (wiped after each reboot) and any
other place that is not backed up, does not have a quota and the user can write to.

> Most security holes in Linux come from a SUID program that lets
> untrusted programs into the "trusted-space".

53 SUID or GUID programs on my system!
Why does cdrecord have SUID set?
"/dev/sr0" is in the cdrom group with rw set, so
SUID should not be needed in the first place.

> If you want to simplify your environment, you can clear all the `group` and
> `other` permission bits from all files in your computer and everyone
> (except root) will only have access to files they own. Then you can
> start adding permissions on a case-by-case basis. Too much hassle though,
> I think.

I could remove other from all the SUID programs, then set up an ACL group that could run them.
That would stop RandomFool from running them in the first place.
I could see that being useful for, say, "mount" (yes, it has SUID set) if there was a security hole in it.

> the only way the program can chmod a file in your home folder is because
> the program has the permission to chmod a file in your home folder. The
> only program that has permission to chmod a file in your home folder is
> the one run with EUID-root or EUID-owner. The only way a program can be
> run with EUID root is if it is executed by root himself or by a SUID-root
> program. The only way a program can be run with EUID owner is a SUID-owner
> program or a program executed by the owner himself.

What does the E in EUID stand for?
I did a quick Google and found RUID and EUID but I did not find anything else.

> However, I don't think a buggy program is the case here. It is much more
> likely that you accidentally ran chmod on your home folder when you
> actually wanted to run it in another directory.

No, this was before I used chmod for anything (read: noob). I set the permissions back with Nautilus,
but after each login (or was it reboot and login?) the permissions got set back to o+rwx.
There was a very helpful error box at login that said "The permissions for your home folder are set wrong."
That was the helpful version; the real version was talking about some file in "~/.config".

> You can use this to find all SUID programs accessible by your user:
> find / -perm -u+s -exec ls -l '{}' \; 2> /dev/null

Yes, I have been making use of this page http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=6
for a long time.

> I found sudo, although very handy for desktop, is a huge security hole.
> And is inadequate for any secure system. This is simply because if you
> run a program as sudo, then in the next five minutes you start a
> malicious program *without* sudo; the malicious program can gain root
> access by stealing your previous sudo's timestamp (yes, it can steal the
> timestamp without being explicitly invoked with sudo[1]). Before running
> a potentially untrusted program, you must explicitly kill your sudo
> timestamp with `sudo -k` or set sudo to not use timestamps. Better yet,
> don't use sudo on secure systems.

Wow... I never thought about that. I run sudo on my system 4 to 6 times a day if not more.
Can you tell me the setting please? I had a quick look at the man pages and Gentoo docs but I did not see it.
The Gentoo sudo guide [1] could use an update about this. It was right under my nose but I missed it...

If someone leaves their PC for 5 mins you could run
"nano ~/.bashrc" and add "export PATH=/home/user/.bin:$PATH",
then make a file called "sudo", write something to nick the password and pass it on to sudo, and then clean up after
itself.
Just for fun I did that to one of my terminal tabs, with the script running "echo HAHA!".
Within 20 minutes I had run sudo two times.


[1] http://www.gentoo.org/doc/en/sudo-guide.xml
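As an added example (not code from the thread, from sudo or from the Gentoo guides), a small POSIX shell audit covering two points raised in the message: sorting set-id binaries from `ls -l` output by whether "other" can still execute them, and reading the `timestamp_timeout` policy out of a sudoers fragment. The `ls -l` lines and the sudoers text are constructed samples; the file names are only illustrative.

```shell
#!/bin/sh
# Added audit example, not code from the thread. classify_setid expects
# `ls -l` output such as the find command quoted above produces (GNU find's
# `-perm /6000` would list set-gid files as well). SAMPLE_LS is constructed.
SAMPLE_LS='-rwsr-xr-x 1 root root  12345 Jan  1 2010 /bin/mount
-rwsr-xr-- 1 root cdrom 23456 Jan  1 2010 /usr/bin/cdrecord
-rwxr-sr-x 1 root tty   34567 Jan  1 2010 /usr/bin/wall
-rwxr-xr-x 1 root root  45678 Jan  1 2010 /bin/ls'

# Print "WORLD <path>" for set-uid/set-gid files that "other" may execute
# and "GROUP <path>" for those already limited to owner and group; files
# without a set-id bit are skipped. Mode string positions: 4 = set-uid
# (s/S), 7 = set-gid (s/S), 10 = other execute (x/t).
classify_setid() {
    awk '{
        mode = $1; path = $NF
        suid = substr(mode, 4, 1) ~ /[sS]/
        sgid = substr(mode, 7, 1) ~ /[sS]/
        if (!suid && !sgid) next
        other_x = substr(mode, 10, 1) ~ /[xt]/
        tag = other_x ? "WORLD" : "GROUP"
        print tag, path
    }'
}

# Number of set-id files in SAMPLE_LS that anyone on the box can run.
count_world_setid() {
    printf '%s\n' "$SAMPLE_LS" | classify_setid | grep -c '^WORLD '
}

# Report the sudo credential-cache policy from sudoers text on stdin: prints
# the timestamp_timeout value ("0" = password prompt on every sudo, so no
# cached timestamp is left for a later program to reuse) or "absent" when
# the compiled-in default applies. SUDOERS_SAMPLE is constructed.
SUDOERS_SAMPLE='# constructed sudoers fragment
Defaults env_reset
Defaults timestamp_timeout=0
%wheel ALL=(ALL) ALL'

sudoers_timestamp_timeout() {
    awk '/^[ \t]*Defaults/ && match($0, /timestamp_timeout=-?[0-9]+/) {
        print substr($0, RSTART + 18, RLENGTH - 18); found = 1
    }
    END { if (!found) print "absent" }'
}

printf '%s\n' "$SAMPLE_LS" | classify_setid
printf '%s\n' "$SUDOERS_SAMPLE" | sudoers_timestamp_timeout
```

On a real system, feed `classify_setid` the output of the quoted find command and check `sudo -l`, which lists the Defaults entries in effect for your user, against what the sudoers parser reports.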