[refpolicy] [patch 1/1] sudo: Fixes for sudo, handle /var/db/sudo

All of lore.kernel.org
 help / color / mirror / Atom feed

From: guido@trentalancia.com (Guido Trentalancia)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [patch 1/1] sudo: Fixes for sudo, handle /var/db/sudo
Date: Sat, 19 Feb 2011 06:08:09 +0100	[thread overview]
Message-ID: <1298092089.3101.51.camel@tesla.lan> (raw)
In-Reply-To: <4D5EA91C.1080409@redhat.com>

Hello Miroslav !

On Fri, 18/02/2011 at 17.15 +0000, Miroslav Grepl wrote:
> http://mgrepl.fedorapeople.org/F15/admin_sudo.patch
> 
>      * Allow sudo to send signals to any domains the user could have 
> transitioned to.
>      * Handle /var/db/sudo
>      * Allow users to run executables in /tmp or ~/

To the best of my knowledge, the first part of the last change is
something really bad from a security point of view. 

System administrators put much effort to avoid that (such as
mounting /tmp with noexec, nosuid options) !

A legitimate user does not need to store his/her executables in /tmp, as
he/she has at least its own home directory available for that (and if
he/she cannot write there, then he/she is probably over quota).

/tmp just "potentially provides storage space for malicious
executables" (quoted from paragraph 2.2.1.3 of NSA public document
"Guide to the Secure Configuration of Red Hat Enterprise Linux 5"
Revision 4, but any decent web search engine would easily provide you
with tons of pages relative to the cries of those whom have allowed that
sort of thing to happen on their systems).

Regards,

Guido

next prev parent reply	other threads:[~2011-02-19  5:08 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-02-18 17:15 [refpolicy] [patch 1/1] sudo: Fixes for sudo, handle /var/db/sudo Miroslav Grepl
2011-02-19  5:08 ` Guido Trentalancia [this message]
2011-02-21 14:02   ` Daniel J Walsh
2011-02-21 14:07     ` Dominick Grift
2011-02-21 16:59       ` Daniel J Walsh
2011-02-21 17:40         ` Dominick Grift
2011-02-21 17:42         ` Dominick Grift
2011-02-21 19:23           ` Daniel J Walsh
2011-02-21 19:24             ` Dominick Grift
2011-02-19 10:05 ` Sven Vermeulen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1298092089.3101.51.camel@tesla.lan \
    --to=guido@trentalancia.com \
    --cc=refpolicy@oss.tresys.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.