I would suggest setting "timestamp_timeout" to "0" in the sudoers file to disable the use of timestamps. I never heard of timestamps being re-used this way with malicious intent, but I think it is a legitimate privilege escalation concern. This applies to each user on the system, hence why it is a hidden file in your /home.Ī program can start a new pty which has a valid timestamp, or even kill your shell running on a pty to take it over.ĮDIT: I posted a proof-of-concept script I wrote, but it was removed by an admin in another thread, so I probably shouldn't post it anymore If you delete it, the first-time help will appear when you use sudo next. sudo_as_admin_successful is a flag that sudo uses to check if you have successfully authenticated in the past. What is, by the way, ".sudo_as_admin_successful" file in user's home directory? However, generally the sudo timestamp is not vulnerable in this way. chown root:wheel /usr/local/bin/scriptname) with no write access for others (e.g. usr/local/bin/), make the file root-owned (e.g. Save the script in a root-privileged folder (e.g. If you are concerned about the security of this behaviour, you can reduce the length of a timestamp in your sudoers file, or manually clear the timestamp after each use using "sudo -k". Create a shell script where you call the command without sudo. 2 programs running in the same pts session can re-use the timestamp, however. The sudo session timestamp only applies to the pts () session you are running in. You'll be asked for your password each time. Try it for yourself, open 2 bash terminals and type "sudo top" into each one. " and get root's permissions within 15 minutes time after i entered password for "sudo something. Can a program like firefox run something like "sudo chmod.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |