Public bug reported:

First, because many people didn't understand this at all, read this
forum post relating to this hole, where it should be made clear:
http://ubuntuforums.org/showthread.php?t=504740

A short summary:

It's pretty simple to rise from user to root level if you once have
access to a system. There's no need for any local root exploit for
Ubuntu anymore because of the .bashrc file in the home directory. The
file is writable from the user account, so you just need to append alias
sudo=pwdstealingfakesudo to it and the next time the user uses sudo
he's dead.

One could also simply social-engineer a new Ubuntu or Linux user (maybe
also an ignorant older one..) remotely by telling him to execute a
"harmless" tool/script (and, although not tested, I'm pretty sure this
can also be triggered by user-level applications which support plugins!)
and telling him he doesn't have to be afraid because he should just
execute it with user privileges and not root, and he's dead too. Because
of the Ubuntu security scheme, many think that as long as you don't work
as root no great harm can happen.

Also, a virus could very easily make use of this, making an Ubuntu
virus as harmful as a Windows one!

This is in my eyes a serious privilege escalation.

I'm asking myself why this file is writable by the user by default on
an Ubuntu Feisty Fawn desktop system, if you keep in mind how often a
normal user needs this file and how dangerous this is, as I explained
above.

** Affects: Ubuntu
     Importance: Undecided
         Status: New


** Tags: bashrc fakesudo password root steal sudo

** Visibility changed to: Public

** Tags added: bashrc fakesudo password root steal sudo

-- 
getting the root password through .bashrc and a fakesudo
https://bugs.launchpad.net/bugs/127116
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
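
An audit check for the pattern the report describes, as an added example that is not part of the bug report or of any Ubuntu tooling: it scans a home directory's shell startup files for alias or function definitions that redefine sudo. It goes beyond the report by also watching su and function definitions; the file list, the watched names and the function names are assumptions, and the match is a heuristic.

```bash
#!/usr/bin/env bash
# Added example: flag startup-file lines that redefine sudo or su.
# Heuristic only: it sees alias/function definitions, not PATH changes,
# and can report a harmless alias whose value contains " su=".

# alias sudo=..., alias -- sudo=..., or several aliases on one line
ALIAS_RE='^[[:space:]]*alias[[:space:]]+([^#]*[[:space:]])?(sudo|su)='
# sudo() { ...   or   function sudo() { ...
FUNC_RE='^[[:space:]]*(function[[:space:]]+)?(sudo|su)[[:space:]]*\(\)'
# function sudo { ...   (keyword form without parentheses)
FUNC_KW_RE='^[[:space:]]*function[[:space:]]+(sudo|su)([[:space:]{]|$)'

# scan_rc_file FILE
# Prints FILE:LINENO:LINE for each suspicious line.
# Returns 0 if at least one line matched, non-zero otherwise.
scan_rc_file() {
    [ -r "$1" ] || return 1
    grep -HnE -e "$ALIAS_RE" -e "$FUNC_RE" -e "$FUNC_KW_RE" -- "$1"
}

# scan_home DIR
# Checks the startup files bash reads for an interactive or login shell
# (assumed list). Returns 0 if any file contains a finding, 1 otherwise.
scan_home() {
    local home=$1
    local found=1
    local f
    for f in .bashrc .bash_aliases .bash_profile .bash_login .profile; do
        if [ -f "$home/$f" ] && scan_rc_file "$home/$f"; then
            found=0
        fi
    done
    return "$found"
}

# Stand-alone use: pass one or more home directories as arguments.
if [ "$#" -gt 0 ]; then
    for h in "$@"; do
        scan_home "$h"
    done
fi
```

Lines starting with # are skipped because the patterns are anchored at the start of the line, so a commented-out alias is not reported.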
