# Wanted: interesting sudoers



## jrm@ (Aug 14, 2013)

Michael Lucas is writing another book.  This time it's about sudo and he's looking for input.


----------



## SirDice (Aug 14, 2013)

Don't allow vi(1) or less(1).

Both have an option to spawn a shell, giving someone full root access :e


----------



## Crest (Aug 14, 2013)

@SirDice: So do many other useful programs.


----------



## SirDice (Aug 14, 2013)

Indeed. This is fairly stupid too:

```
cp /usr/local/* /usr/local/*
chmod * /usr/local/*
chown * /usr/local/*
```
They allow me to create an SUID root shell in /usr/local/. Those wildcards are funky too:

```
sudoedit /usr/local/*
```
This allows me to edit /etc/rc.conf by doing `sudoedit /usr/local/../../etc/rc.conf`.

I've had to deal with "high" security systems and they put things like that in the sudoers. I was usually able to break out after looking at `sudo -l` for 5 minutes :e


----------
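
Added example, not part of any post in this thread: a small Python audit of sudoers command specs that flags the two problems raised above, shell-capable programs (vi, less) and wildcard arguments that also accept `..` paths. The fnmatch model of sudo's argument matching, the sample rule line, the user name `op` and the script path are assumptions made for illustration.

```python
import fnmatch
import posixpath
import re

SHELL_ESCAPE = {"vi", "less"}  # programs the thread names as able to spawn a shell

def traversal_probe(pattern):
    """Build a '..' path that stays textually under the pattern's literal prefix."""
    prefix = pattern.split("*", 1)[0].rstrip("/")
    depth = len([p for p in prefix.split("/") if p])
    return prefix + "/.." * depth + "/etc/rc.conf"

def audit_command(cmnd):
    """Return findings for one command spec, e.g. 'sudoedit /usr/local/*'."""
    words = cmnd.split()
    prog, args = posixpath.basename(words[0]), words[1:]
    findings = []
    if prog in SHELL_ESCAPE:
        findings.append(f"{prog}: can spawn a shell as the target user")
    for arg in args:
        if not re.search(r"[*?\[]", arg):
            continue  # fixed argument, nothing to expand
        findings.append(f"{prog}: wildcard argument {arg!r}")
        probe = traversal_probe(arg)
        # Model assumption: '*' in an argument also matches '/', as the thread describes.
        if fnmatch.fnmatchcase(probe, arg):
            target = posixpath.normpath(probe)
            findings.append(f"{prog}: {arg!r} also matches {probe!r} -> {target}")
    return findings

def audit_user_spec(line):
    """Audit the command list of one 'user host = (runas) cmnd, cmnd' line."""
    cmnds = line.split("=", 1)[1]
    cmnds = re.sub(r"\([^)]*\)|\b[A-Z]+:", "", cmnds)  # drop runas list and tags
    return {c.strip(): audit_command(c.strip()) for c in cmnds.split(",") if c.strip()}

# Constructed sample: the wildcard entries quoted in the thread plus one
# fixed-argument script of the kind recommended later (hypothetical path).
SAMPLE = ("op ALL = (root) /bin/cp /usr/local/* /usr/local/*, sudoedit /usr/local/*, "
          "/usr/bin/less /var/log/messages, /usr/local/sudo-scripts/restart-web.sh")

if __name__ == "__main__":
    for cmnd, findings in audit_user_spec(SAMPLE).items():
        print(cmnd, "->", findings or "no findings")
```
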



## marwis (Aug 14, 2013)

SirDice said:

> Indeed. This is fairly stupid too:
> 
> ```
> cp /usr/local/* /usr/local/*
> ...
> ```



I don't get this.  What does it do?  Thanks.


----------



## throAU (Aug 15, 2013)

IMHO, restricting root permissions with sudo is a bit broken.

My only use for sudo is to give multiple users root access without needing to divulge the root password and tell everybody who needs root the new root password when someone leaves and it is re-set.

Sure you can attempt to limit what people can do with sudo but as above, there are many ways to shoot yourself in the foot.  Policy here (small team) is basically that you are either given full root permission or not, and if allowed to run sudo at all, it is against any command, including su.  The use of sudo here is purely so you don't need to know the root password, which is periodically reset and kept for use only when the machine needs to be run in single user mode.


----------



## SirDice (Aug 15, 2013)

marwis said:

> I don't get this.  What does it do?  Thanks.



They're commands I was allowed to run with sudo. But the wildcards allowed for a lot more than they intended.


----------



## throAU (Aug 15, 2013)

I'm guessing it's because * includes ../ along with ../../sbin (etc.), right?


----------



## SirDice (Aug 15, 2013)

throAU said:

> I'm guessing it's because * includes ../ along with ../../sbin (etc.), right?


Yep.


----------



## DutchDaemon (Aug 15, 2013)

The only way I ever used sudo to give selective root permissions to others was through tightly controlled scripts in one directory, which were named individually in sudoers. Anything started from those scripts had discrete and finite flags (ended with '--'). I would never hand out wholesale sudo rights or even direct rights to anything in the system directories. At least wrap your shell around it with all kinds of safeguards (e.g.: if you allow editing, make sure the script creates backups and diffs) and carefully choose the options you hand out.


----------



## chatwizrd (Aug 15, 2013)

It's simple: don't use it. I don't see why a book needs to be written about that.


----------



## cpm@ (Aug 16, 2013)

It's worth reading with all due respect to the Godmother of UNIX Admins, Remembering Evi Nemeth: The woman that saved "sudo".


----------



## kpa (Aug 16, 2013)

In my opinion sudo is a flawed attempt at addressing a fundamental problem with the UNIX permissions and users system. There should never be a need to have a separate root user if it was done properly with capabilities and ACLs that control what a user can do and can not.


----------

