[rt-devel] possible security bug

dphull at ku.edu dphull at ku.edu
Thu Jan 17 16:09:15 EST 2002


On Thu, 17 Jan 2002, Paul Lussier wrote:

> [snip]
> Despite the fact that the person who is installing rt2 *probably* has
> root privileges, they may not, and may be invoking 'initdb' via
> something like 'sudo', in which case it's trivial for them to then *get*
> root access by placing something called 'stty' in the search path that
> shows up before the really stty.

I'm not sure this is a real security problem. According to the sudo
manpage, the current directory "." is checked last to prevent command
spoofing.

The problem with setting an explicit path is that stty may not always be
in the same place from one flavor of *nix to another. Setting a path
comprised of "well known" directories should work for most distros.

Additionaly, if someone is using sudo, they are likely to be a trusted
user or administrator of the box.

-- 
Dave Hull
Senior Information Technology Analyst
The University of Kansas
voice: (785) 864-0403 || (785) 864-5621
fax: (785) 864-0485
http://insipid.cc.ukans.edu/dphull





More information about the Rt-devel mailing list