Root access bug through sudo!


Tags
puppet, root, su, sudo, ubuntu

#1 nixhead, 07-22-2014

My friend has found a bug with sudo.
His organization has Linux laptops with no root access to users. Policy pushing is through Puppet.
But doing
Code:
sudo sudo

twice he is able to access root.
Do you guys have any clue how that's possible? Usually
Code:
sudo su

is restricted.

#2 rbatte1 (Forum Staff), 07-22-2014

It's unlikely to be a bug.

Can you paste your /etc/sudoers file into the thread wrapped in [CODE] & [/CODE] tags please. It would be useful to know the Linux supplier and version and the sudo version:-

Code:
uname -a
sudo -V



Robin

#3 nixhead, 07-23-2014

cat /etc/sudoers


Code:
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults    env_reset
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
XXXXXX   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

sudo -V

Code:
Sudo version 1.8.3p1

uname -a

Code:
Linux XXXXXXXXX.com 3.2.0-54-generic #82-Ubuntu SMP Tue Sep 10 20:08:42 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

#4 in2nix4life, 07-23-2014

Is your friend's account a member of the admin group?

The group designation is usually preceded by a percent sign as in the way it appears with the admin group. The comment preceding the XXXXXX states that it's a group but it's missing the percent sign.

Also, the following is from the sudoers man page:


Code:
root_sudo

If set, root is allowed to run sudo too. Disabling this prevents users from “chaining” sudo commands to 
get a root shell by doing something like “sudo sudo /bin/sh”. Note, however, that turning off root_sudo 
will also prevent root from running sudoedit. Disabling root_sudo provides no real additional security; 
it exists purely for historical reasons. This flag is on by default.


#5 rbatte1 (Forum Staff), 07-24-2014

From this /etc/sudoers, either you have everything or nothing. If you can sudo sudo aaa, then you can just sudo aaa

To have any access, one must either be in the admin group or be the named user obscured by XXXXXX unless this is another group as the comment suggests. If you qualify under either, then you have full access. If you do not, you have no access.


As a simple test, I created a new user on a test server without any sudo rules and got the following:-
Code:
[RBATTE2@Test-RHEL-63 ~]$ sudo ls -l 

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for RBATTE2: 
RBATTE2 is not in the sudoers file.  This incident will be reported.
[RBATTE2@Test-RHEL-63 ~]$ sudo sudo ls -l
[sudo] password for RBATTE2: 
RBATTE2 is not in the sudoers file.  This incident will be reported.
[RBATTE2@Test-RHEL-63 ~]$ ls -l /etc/sudoers
-r--r-----. 1 root root 4002 Mar  1  2012 /etc/sudoers
[RBATTE2@Test-RHEL-63 ~]$ cat /etc/sudoers
cat: /etc/sudoers: Permission denied
[RBATTE2@Test-RHEL-63 ~]$

Is this the /etc/sudoers file that is being referenced by the user in question? As you can see, I'm not even allowed to read the file, as this could give an attacker a target.


Robin

#6 nixhead, 07-25-2014

XXXXX is the user ID, which I have hidden for the sake of confidentiality; in sudoers it's not explicitly mentioned whether it is part of a group or not (maybe it is done remotely through Puppet).
But I tested it on a RHEL machine by blocking
Code:
su

by adding
Code:
!/bin/su

, and
Code:
sudo sudo su -

worked on it also, so it amounts to a bug with sudoers, or blocking sudo will require some other alternative.

#7 fpmurphy (Forum Staff), 07-25-2014

I suspect "sudo" is the name you have XXXXXXed out. That would explain "sudo sudo" working.
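
Added example (not part of any post in this thread, and not sudo's own code): a small Python audit that classifies sudoers user specifications, covering the "ALL, !/bin/su" exclusion tested in post #6 and the "#includedir" directive in the file posted in #3. The parser is simplified (no alias expansion, no "#uid" entries, no escaped commas), and the users "alice" and "bob" are constructed names.

```python
import re

# Constructed input: the rules posted in the thread, plus the "!/bin/su"
# exclusion from post #6. The users "alice" and "bob" are made-up names.
SAMPLE = """\
Defaults    env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
alice   ALL=(ALL:ALL) ALL, !/bin/su
bob     ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
#includedir /etc/sudoers.d
"""

# who  host = (runas) commands
SPEC = re.compile(r"^(\S+)\s+[^=\s]+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, SETENV:, ...

def audit(text):
    """Classify each user specification; returns (who, verdict, detail) tuples."""
    findings = []
    for line in map(str.strip, text.splitlines()):
        inc = re.match(r"[#@]include(dir)?\s+(\S+)", line)
        if inc:  # a directive, not a comment: more rules live elsewhere
            findings.append(("-", "include", inc.group(2)))
            continue
        if not line or line.startswith("#"):
            continue
        if line.startswith("Defaults") or line.split()[0].endswith("_Alias"):
            continue
        m = SPEC.match(line)
        if not m:
            continue
        who = m.group(1)
        cmds = [TAGS.sub("", c.strip()) for c in m.group(2).split(",")]
        denied = [c[1:].strip() for c in cmds if c.startswith("!")]
        if "ALL" not in cmds:
            findings.append((who, "allowlist", "; ".join(cmds)))
        elif denied:
            # ALL still permits sudo itself, so the exclusion restricts
            # nothing (the "sudo sudo su -" result reported in post #6).
            findings.append((who, "ineffective-denylist", ", ".join(denied)))
        else:
            findings.append((who, "full-root", "ALL"))
    return findings

if __name__ == "__main__":
    for who, verdict, detail in audit(SAMPLE):
        print(f"{who:8} {verdict:22} {detail}")
```

A rule reported as ineffective-denylist should be rewritten as an explicit list of permitted commands; sudoers(5) itself notes that subtracting commands from ALL with '!' is generally not effective. An include finding means the file being read is not the whole policy, which matters when rules are pushed by a tool such as Puppet.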