Sudo, a program that lets unprivileged users execute commands as the super user (a.k.a. root), was found to be exposed to a few types of attack that can be easily avoided with a simple, easily applied preventive configuration.
Credit:
SuDo's home page is: http://www.courtesan.com/sudo/.
Sudo is open to attack by the following two methods:
1) 'sudo' was designed with security in mind, so whenever a user wants to execute a command as a privileged user he must re-enter his password. This password 'token' (which is stored in a cache) is valid by default for a duration of 5 minutes. During that window anyone able to run commands as that user can use the cached token to run 'sudo' without knowing the user's password.
2) The cache entry mentioned above is created per username and is available no matter which TTY the user logged on from. For example, if the user logged on on TTY1 and logged off from TTY1, and then logged on again on TTY2, the 'token' will be reused and no password will be prompted for while executing 'sudo'.
At first glance this may seem harmless, but you should remember that user accounts are not completely secure: a user might unintentionally allow access to the machine via IRC scripts, IRC bots, or CGI scripts that, because they are coded poorly (or intentionally), may spawn a shell. All the attacker then has to do is wait for a 'sudo' authentication 'token' to enter the cache in order to execute 'sudo' successfully.
To avoid such a problem a few preventive measures can be taken:
1) 'sudo' can be configured to use a shorter time-out value (instead of the default 5 minutes, it is advised to use a one minute time-out).
2) 'sudo' can be configured to prevent TTY attacks by enabling TTY based 'tickets', i.e. by enabling the USE_TTY_TICKETS option.
3) 'sudo' can be given the command line parameter '-k', which makes it delete the mentioned token.
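The following audit script is an added example written for this advisory; it is not code from the sudo project. It checks a sudoers file for the two configuration-level mitigations above (a one minute cache time-out and per-TTY tickets) using the run-time sudoers Defaults names timestamp_timeout and tty_tickets, which are assumed here to be the equivalents of the build-time USE_TTY_TICKETS option the advisory names. The sample sudoers files it writes to a temporary directory are constructed for the demonstration; the script never reads or modifies the real /etc/sudoers.

```sh
#!/bin/sh
# Audit a sudoers file for sudo timestamp-cache hardening:
#   - timestamp_timeout should be 1 minute (default is 5)
#   - tty_tickets should be enabled so a token is bound to one TTY
# Assumption: the sudoers Defaults names timestamp_timeout and tty_tickets
# are accepted by the sudo build in use.

# Print the effective timestamp_timeout (minutes) declared in a sudoers
# file, or the stock default of 5 when no Defaults line sets it.
# Only uncommented "Defaults" lines are considered; the last one wins.
effective_timeout() {
    t=$(grep -E '^[[:space:]]*Defaults[[:space:]].*timestamp_timeout[[:space:]]*=' "$1" \
        | sed -E 's/.*timestamp_timeout[[:space:]]*=[[:space:]]*(-?[0-9]+).*/\1/' \
        | tail -n 1)
    printf '%s\n' "${t:-5}"
}

# Return 0 when tty_tickets is explicitly enabled on a Defaults line,
# 1 otherwise. A negated "!tty_tickets" does not count as enabled.
tty_tickets_enabled() {
    grep -Eq '^[[:space:]]*Defaults[[:space:]]+([^#]*[[:space:],])?tty_tickets([[:space:],]|$)' "$1"
}

# Audit one file: print each weakness found, return 0 when both
# mitigations are in place and 1 otherwise.
audit_sudoers() {
    f="$1"; rc=0
    t=$(effective_timeout "$f")
    # A negative value means the token never expires, which is worse than 5.
    if [ "$t" -gt 1 ] || [ "$t" -lt 0 ]; then
        echo "WEAK: timestamp_timeout is $t minutes (advised: 1)"; rc=1
    fi
    if ! tty_tickets_enabled "$f"; then
        echo "WEAK: tty_tickets not enabled (cached token is shared across TTYs)"; rc=1
    fi
    return $rc
}

# Write two constructed sample sudoers files into a temp dir and print its path.
make_samples() {
    d=$(mktemp -d)
    cat > "$d/weak" <<'EOF'
# constructed sample: stock-style sudoers with no cache hardening
Defaults env_reset
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
EOF
    cat > "$d/hardened" <<'EOF'
# constructed sample: one minute time-out and per-TTY tickets
Defaults env_reset
Defaults timestamp_timeout=1, tty_tickets
root    ALL=(ALL) ALL
EOF
    printf '%s\n' "$d"
}

# Usage: ./sudoers_audit.sh [/path/to/sudoers]
# With an argument the given file is audited; without one the two
# constructed samples are audited so the script demonstrates itself.
if [ $# -gt 0 ]; then
    audit_sudoers "$1"
else
    samples=$(make_samples)
    for name in weak hardened; do
        echo "== $name =="
        audit_sudoers "$samples/$name" && echo "OK: both mitigations present"
    done
fi
```

The script covers measures 1 and 2 only; measure 3 is a per-session action (running 'sudo -k' when you are done with privileged work) rather than a configuration setting, so it cannot be verified from the sudoers file.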