Hey,

I cannot reproduce your exploit.

I am using the stock sudoers file with only the modification

%sudo ALL=(ALL) ALL

and the place for running X applications as root is commented out.

## Run X applications through sudo; HOME is used to find the
## .Xauthority file.  Note that other programs use HOME to find
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"

cheers,

Heiko

On 03.02.2014 11:40, Martti Kühne wrote:
Hey guys

I'll just throw my more local (than probably necessary) .bashrc
function in here...

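# Wrapper for interactive shells: when an X display is set, hand the
# invoking user's X11 cookie file to the command run by sudo.
sudo ()
{
    if [[ -n "$DISPLAY" ]]; then
        # sudo accepts VAR=value assignments ahead of the command
        command sudo "XAUTHORITY=$HOME/.Xauthority" "$@";
    else
        command sudo "$@";
    fi
}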

You don't give up on X11 cookies, you don't need to touch pam and can
go on hoping it works in your favor, and thirdly, there's even a
mention of .Xauthority in the stock sudoers file, so, you'll never
find where these things are set up on a running system anyway...

cheers!
mar77i
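
Added example, not part of either message above: a defender-side check that lists which of HOME and XAUTHORITY a sudoers-format file actively keeps through env_keep, skipping commented-out lines such as the stock one quoted in the first message. The function names and the sample file are hypothetical and constructed for illustration; the check only looks at "Defaults ... env_keep" lines with = or += and does not follow #include directives.

```shell
# Constructed sample: the stock commented-out line plus one active entry.
sample_sudoers() {
    cat <<'EOF'
## Run X applications through sudo; HOME is used to find the
## .Xauthority file.
# Defaults env_keep += "HOME"
Defaults env_keep += "LANG XAUTHORITY"
%sudo ALL=(ALL) ALL
EOF
}

# check_env_keep [FILE]: print HOME / XAUTHORITY if an active env_keep
# line retains them (one per line). Reads stdin when FILE is omitted.
# Exit status 0 if something was found, 1 otherwise.
check_env_keep() {
    awk '
        /^[ \t]*#/ { next }                      # comments are inactive
        /env_keep[ \t]*-=/ { next }              # removals do not retain anything
        /^[ \t]*Defaults/ && /env_keep/ {
            line = $0
            sub(/^[^"]*"/, "", line)             # strip up to the opening quote
            sub(/".*$/, "", line)                # strip the closing quote onward
            n = split(line, vars, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (vars[i] == "HOME" || vars[i] == "XAUTHORITY") {
                    print vars[i]
                    found = 1
                }
        }
        END { exit (found ? 0 : 1) }
    ' "${1:--}"
}

# Demo on the constructed sample.
sample_sudoers | check_env_keep || echo "no HOME/XAUTHORITY retained"
```

To check a real system, run it as root against /etc/sudoers and each file under /etc/sudoers.d.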
