Re: F22 System Wide Change: Set sshd(8) PermitRootLogin=no

On Mon, 2015-01-19 at 14:23 -0500, Miloslav Trmač wrote:
> > On Fri, 2015-01-16 at 15:39 +0100, Lubomir Rintel wrote:
> > > 
> > > There's a chance of a successful exploitation that would result 
> > > in obtaining my privileges. Sure, gaining access to my account 
> > > is bad enough, but if I run "su" or "sudo", they have root!
> > 
> > Along these lines, someone pointed out a rather nasty attack 
> > vector via sudo the other day:
> > 
> > http://blog.grdryn.me/blog/fedora/prank-alias-sudo-in-bash.html
> > 
> > so...you'd better remember to call it with \ every time...:)
> 
> This is a „movie plot threat“, proposing a specific attack and a 
> specific mitigation, but doing nothing about the immediately 
> available alternative attacks.  For example, I could edit ~/.profile 
> to replace the running bash with a modified copy that ignores (or 
> even specifically hijacks) the \ in \sudo.
> 
> At first glance it seems to me there in principle can’t be a way 
> to protect against a modified shell environment from within that 
> environment because that environment can lie to you about any system 
> output, or to the system about any of your input.  (So even having a 
> trusted “antivirus service” running outside of the shell and 
> protected against it wouldn’t be useful because from the shell you 
> could never be sure that you are talking to that trusted service.¹)
>    Mirek
> 

Sure, I just meant it as a handy and clear demonstration of the 
principle that if you can compromise the environment of a user with 
sudo or other admin privileges, you're about 97% of the way to root in 
any case.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
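
An added illustration of the point discussed in this message (not code from any poster in the thread or from Fedora): a small audit that an administrator could run from a separate, trusted account to flag startup-file lines that shadow sudo or su, or that exec another program in place of the login shell. The function name audit_rc is hypothetical; as the quoted reply notes, a check like this covers only these specific variants and means nothing if it is run from inside the environment being audited.

```shell
#!/bin/sh
# Added example: flag startup-file lines that shadow sudo/su or exec a
# different program. Run it from an account other than the one audited.

# audit_rc FILE... -> prints "file:line:kind:text" for each finding;
# returns 0 if nothing was found and 1 otherwise.
audit_rc() {
    awk '
        function report(kind, text) {
            printf "%s:%d:%s:%s\n", FILENAME, FNR, kind, text
            found = 1
        }
        # strip leading whitespace so indented definitions are seen
        { line = $0; sub(/^[ \t]+/, "", line) }
        # skip comment lines
        line ~ /^#/ { next }
        # alias sudo=... or alias su=... (also later on a multi-alias line)
        line ~ /^alias[ \t]+(.*[ \t])?(sudo|su)=/ { report("alias", line); next }
        # sudo() { ... }  or  function sudo { ... }
        line ~ /^(function[ \t]+)?(sudo|su)[ \t]*\(\)/ ||
        line ~ /^function[ \t]+(sudo|su)([ \t{]|$)/ { report("function", line); next }
        # exec replaces the running shell, as in the ~/.profile case above
        line ~ /^exec[ \t]/ { report("exec", line); next }
        END { exit found ? 1 : 0 }
    ' "$@"
}

# Stand-alone use: pass the startup files to check as arguments.
if [ "$#" -gt 0 ]; then
    audit_rc "$@"
fi
```

Typical targets are another user's ~/.bashrc, ~/.bash_profile and ~/.profile, read by root or from a rescue environment.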



