Overwriting sudo


 
# 1  
Old 05-31-2010
Overwriting sudo

Hi all,

I have configured a user and provided him the privilege to vi a file owned by root account. The settings are as below

Code:
$ id
uid=1661(conuser) gid=6615(staff)
$ sudo -l
    (root) NOPASSWD: /usr/bin/vi /opt/DBconserver/etc/conserver.cf

I just realised that when the user executes "sudo /usr/bin/vi /opt/DBconserver/etc/conserver.cf"

he is able to write to some other files owned by root such as these:

Code:
sudo /usr/bin/vi /opt/DBconserver/etc/conserver_au_unix_es.cf
"/opt/DBconserver/etc/conserver" [Read only] 537 lines, 17285 characters
[Hit return to continue]
# RCS (Revision Control System)
# $Id: conserver_au_unix_es.cf,v 
:! id
uid=0(root) gid=1(other) <------ I now have root privileges

Have any of you encountered this before? Is there any fix to it?


Last edited by pludi; 05-31-2010 at 04:55 AM..
# 2  
Old 05-31-2010
Yes, I've encountered it before, and it's not a bug. sudo is there in order to have regular users run some programs as if they were root. The problem is that some of these programs can start arbitrary other programs.

Solution: use sudoedit/sudo -e instead. Change the line allowing /usr/bin/vi to sudoedit, and invoke the editor using
Code:
sudo -e /opt/DBconserver/etc/conserver

The editor started will be the one defined in the EDITOR environment variable, and it will operate on a temporary file using the regular user id.
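
An added example, not part of the original posts: a small shell audit that reads `sudo -l` style rule lines and flags commands that, like vi in this thread, can start other programs as root, suggesting the sudoedit form for editors. The program lists and every sample rule other than the thread's own vi line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `sudo -l` style rules for programs that can start
# other programs (the vi problem in this thread). The program lists below
# are a short, non-exhaustive assumption, not taken from the thread.

# Constructed sample input; only the first rule comes from the thread.
SAMPLE_RULES='    (root) NOPASSWD: /usr/bin/vi /opt/DBconserver/etc/conserver.cf
    (root) NOPASSWD: sudoedit /opt/DBconserver/etc/conserver.cf
    (root) /usr/bin/less /var/log/messages, /usr/bin/id'

audit_sudo_rules() {
    # stdin: rule lines; stdout: one finding per risky command.
    # Commas escaped inside command arguments are not handled here.
    sed -E 's/^[[:space:]]*\([^)]*\)//' |                 # drop the "(runas)" part
    tr ',' '\n' |                                          # one command per line
    sed -E 's/^[[:space:]]*([A-Z_]+:[[:space:]]*)*//' |   # drop tags such as NOPASSWD:
    while IFS= read -r spec; do
        cmd=${spec%% *}          # first word: the program path
        args=${spec#"$cmd"}      # remainder, leading space kept
        case "${cmd##*/}" in
            vi|vim|view|ex|ed|emacs)
                printf 'EDITOR %s: grant "sudoedit%s" instead\n' "$cmd" "$args" ;;
            less|more|man)
                printf 'PAGER %s: can start other programs as root\n' "$cmd" ;;
        esac
    done
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | audit_sudo_rules
```

On a real host the same function can be fed with `sudo -l | audit_sudo_rules`; header lines in that output match neither list and are ignored.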
# 3  
Old 05-31-2010
I don't see the option "-e" available in sudo program. Is it available in Solaris 10?

Code:
$ sudo
usage: sudo -V | -h | -L | -l | -v | -k | -K | [-H] [-P] [-S] [-b] [-p prompt]
            [-u username/#uid] -s | <command>


Last edited by Scott; 05-31-2010 at 09:13 AM.. Reason: Code tags, please...
# 4  
Old 05-31-2010
What version of sudo are you running? (sudo -V) Because according to the web site this functionality has been available at least since early 2004 (which should be around version 1.6.7).
# 5  
Old 05-31-2010
sudo version 1.6.6


$ sudo -V
Sudo version 1.6.6
# 6  
Old 05-31-2010
Other than upgrading your version of sudo (which I suggest, as there are probably some other feature enhancements/security fixes included) I can only suggest writing a script-wrapper around vim, which is called by sudo and which emulates the -e option.