Re: Fedora22 Security Issue.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I recently came up with this 'issue' (not really an issue in fact, please read along) when I configured a Webmin panel on a CentOS 6.7 instance we use at work.

Thing is that the sudo tool provides a configuration flag to deny a command execution if it's not being invoked from a console. Originally this was thought as an additional security layer but ultimately proved to be more a nuisance than anything else and that's why Red Hat decided to switch it off by default on newer releases starting with RHEL 7 (I don't know starting at which Fedora release though).

To disable this check launch visudo, look for "Defaults    requiretty" and comment the line. I believe that you can accomplish the same by adding the entry to a file in /etc/sudo.d/ but I didn't test it myself.

HTH

On Wed, Aug 19, 2015 at 1:31 AM inode0 <inode0@xxxxxxxxx> wrote:
On Tue, Aug 18, 2015 at 2:09 AM, Scott Mattan <s-mattan@xxxxxxxxxxxx> wrote:
> Hello,
>
> I am seeing some disparity between (two distributions granted) CentOS 6.6
> and Fedora22 in their use of the su utility.  I cannot figure out the cause,
> so I cannot fix it.
>
> In CentOS there is no way to script login to root... this is of course a
> desirable trait.
> for instance,
> [ user@localhost user ]$ su root <<EOF
>> password
>> echo ""
>> id
>> EOF
> standard in must be a tty

$ (sleep 1; echo password) | python -c "import pty;
pty.spawn(['/bin/su','-c','id']);"

Some programs require stdin on a tty, su has gone back and forth on
it. It really doesn't stop anything.

John
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux