Thread: sudo question
Post #9 by melias, 04-18-2008

Maybe I haven't defined my question correctly.

What I want to stop is a user elevating to root via the following:

sudo bash.

This is easy enough to do via a sudoers restriction on running the command.

Now, I have a group of admins that need to be able to run most system commands. However, I want to be able to log all commands they run as root, for auditing purposes. So I use sudo.log.

The user bypasses sudo logging if they execute su or a shell via sudo. As mentioned above, I can prevent this by explicitly denying the commands in the sudoers file.

However, if the user (or admin) copies a shell (say /usr/bin/bash, but could be any shell) to another location/name (could be any location or name), what's to stop them now executing this renamed and relocated shell command via sudo, which, in effect, gives them root access without sudo.log logging?

Please don't get hung up on homedir being the location - it could be any directory with write and execute permissions.

So, is it possible on your system for a user to copy (rename) a shell command to another location and then execute it via sudo?
If not, why not?

This is what I want to prevent.
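An audit-side check for the situation described in the post, as an added example that is not part of the original post: it reads the commands recorded in sudo.log and reports any whose file has the same content as a known shell, whatever it has been renamed to. The function names, the sample log line and the `COMMAND=` log layout are assumptions made for the example.

```shell
#!/bin/sh
# Added example: flag sudo-run commands that are byte-identical copies of a shell.

# is_shell_copy PATH [SHELL_LIST]
# Prints the matching shell and returns 0 if PATH has the same content as a
# shell named in SHELL_LIST (default /etc/shells); 1 if not; 2 if PATH is gone.
is_shell_copy() {
    candidate=$1
    shell_list=${2:-/etc/shells}
    [ -f "$candidate" ] || return 2
    while IFS= read -r shell; do
        case $shell in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ -f "$shell" ] || continue
        if cmp -s "$candidate" "$shell"; then
            printf '%s\n' "$shell"
            return 0
        fi
    done < "$shell_list"
    return 1
}

# audit_sudo_log LOGFILE [SHELL_LIST]
# Assumed log layout (constructed sample line):
#   Apr 18 10:01:02 : melias : TTY=pts/0 ; PWD=/tmp ; USER=root ; COMMAND=/tmp/backup-helper -i
audit_sudo_log() {
    log=$1
    list=${2:-/etc/shells}
    # Take the executable path (first word after COMMAND=), once per path.
    sed -n 's/.*COMMAND=\([^ ]*\).*/\1/p' "$log" | sort -u |
    while IFS= read -r cmd; do
        if match=$(is_shell_copy "$cmd" "$list"); then
            printf '%s has the same content as %s\n' "$cmd" "$match"
        fi
    done
}
```

`cmp` only matches byte-identical copies, so a shell built from source, a different shell version, or any other program that can spawn a shell is not reported by this check.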