
Sudo considered harmful

Date: 02/20/2009
Author: Razvan Stoica

Buggy old bad idea

Fresh off the presses, but not covered by the mainstream press, we have a freshly-patched vulnerability in Ubuntu Linux sudo to talk about.

CVE-2009-0034 is a bug that affects versions 8.04 and 8.10 of the popular distribution, but it is also an object lesson on the inherent tension between security and usability.

On most *nix systems, the administrator account, called root, has ultimate power over, well, everything. Wielding that power is sometimes left to a select group, called "wheel", consisting of user accounts permitted to "take on the mantle of authority", so to speak, and switch from being their usual selves, "mranderson" or "user278", to being "root" and issuing commands which can affect the whole system as such.

To do this, one needs to have a valid account with a password on that machine, to know the password to the root account, to be in the "wheel" group and to know the magic words, which happen to be "su root". Pretty good security.

Now, what sudo does is offer a convenient way to do stuff as if you were another user, such as root, yet without switching personas. To use sudo, your account needs to be listed in another special file, called "sudoers" and you need to know the password to your own user account and the magic words, which are "sudo ".

This is very much like what Vista UAC does when you try to install trojans on your new laptop.

The sudoers file, in the default configuration, lists only accounts allowed to run stuff with root privileges. Yet sudo can be configured, via the same file, to allow user accounts to run programs with the privileges of other user accounts.

If you were a diligent little admin using Ubuntu and you took advantage of this feature to allow sally the remote user to sometimes print stuff by running the printing stuff as a local user (since only local users are allowed to print stuff in your highly secure system), well, sally could have used the vulnerable sudo to run stuff as root and do all sorts of nasty things like peek in others' e-mail (and if you angered her, she just might have).

Of course, not using the dubious convenience offered by sudo would have spared you the pain in the first place.
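To see which rules in a sudoers file delegate to a non-root account, the kind of configuration sally's printing rule represents, an admin can list them with a short script. This is an added example, not code from the original article or from the sudo project; the sample file is constructed, and every account, alias and path in it other than "sally" is hypothetical.

```python
import re

# Constructed sample sudoers text. "sally" is the user from the article; every
# other account, alias and path here is hypothetical.
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
sally   ALL=(lpuser) /usr/bin/lpr, \\
            /usr/bin/lpq
bob     ALL=/sbin/reboot
Runas_Alias PRINTERS = lpuser, lpadmin
carol   ALL=(PRINTERS) NOPASSWD: /usr/bin/lprm
"""

NOT_RULES = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
RUNAS = re.compile(r"\(([^)]*)\)")

def logical_lines(text):
    """Join backslash-continued lines; drop blanks, comments and #include lines."""
    for raw in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line

def delegated_rules(text):
    """Return (who, runas_users, commands) for rules whose Runas list names
    something other than root/ALL. Only the first Runas list on a rule is read."""
    found = []
    for line in logical_lines(text):
        if line.startswith(NOT_RULES) or "=" not in line:
            continue
        who_host, spec = line.split("=", 1)
        spec = spec.strip()
        match = RUNAS.match(spec)
        if not match:
            continue  # no Runas list: the rule targets root by default
        users = [u.strip() for u in match.group(1).split(":")[0].split(",") if u.strip()]
        if users and not set(users) <= {"root", "ALL"}:
            commands = " ".join(spec[match.end():].split())
            found.append((who_host.split()[0], users, commands))
    return found

if __name__ == "__main__":
    for who, users, commands in delegated_rules(SAMPLE_SUDOERS):
        print(f"{who}: may run as {', '.join(users)} -> {commands}")
```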
