Control: tags 657784 + patch security On Sat 2012-01-28 19:56:30 +0100, a...@linux.de wrote: > If root runs a command as a less priviledged user with "sudo -u", if the user > was compromised, the script will be able to run commands as root by injecting > keystrokes on the terminal. > > This is the same problem as #628843 - the exploit code referenced there works > with sudo, too.
This remains an issue. A trivial proof of concept TIOCSTI attack can break out of a sudo command that is intended to be a privilege drop. The attached patch should enable use_pty by default on debian systems, which resolves this security vulnerability. I'm happy to share my own proof of concept attack with you, Bdale, if that would help to convince you to apply the patch below for debian :) This has also been sent via salsa as https://salsa.debian.org/debian/sudo/merge_requests/1 Regards, --dkg
From 0fc8d1c532f5720c7f5a58f48b7b6eb2cc44c62e Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor <d...@fifthhorseman.net> Date: Wed, 20 Mar 2019 13:57:11 -0400 Subject: [PATCH] set use_pty by default (Closes: #657784) --- debian/sudoers | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/sudoers b/debian/sudoers index d4cc632..d68dea7 100644 --- a/debian/sudoers +++ b/debian/sudoers @@ -8,6 +8,7 @@ # Defaults env_reset Defaults mail_badpass +Defaults use_pty Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Host alias specification -- 2.20.1
signature.asc
Description: PGP signature
