Bugtraq mailing list archives
Re: Bug is sudo?
From: imp () VILLAGE ORG (Warner Losh)
Date: Fri, 26 Jun 1998 23:17:54 -0600
In message <Pine.LNX.3.96.980626031539.9457A-100000 () is-so elite nu> Rhodie writes:
: I was messing around with sudo when I found out that you can check to see
: if there is a file that can be exec'd by root, even if you don't have the
: privileges. IE: You can check to see if there is a program, in the root
: path, that you can't see (maybe can and it's just easier to do it this
: way).

Not quite. Sudo uses the current value of $PATH to determine where to run a program or not. Root's "path" isn't even consulted.

: So? you say, well, you can check to see if there is something to play with
: that root has hidden....

You can use this to find out if there are files of a given name in directories that you cannot otherwise ls. You still cannot actually execute them, and if you guess right, mail goes to root. So this isn't a huge deal, but it is a leak in information.

BTW, did you send this to the sudo list before broadcasting it to bugtraq to give Todd Miller a chance to fix it or at least reply to you? He's very good about investigating potential problems with sudo and something like this I'd imagine he'd be keen on fixing ASAP.

Warner
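
The leak discussed in this message, modelled as an added example (not part of the original post and not sudo's code): a PATH lookup done with root's privileges answers differently for a hidden file that exists than for one that does not, while a lookup limited to directories the invoking user can search gives the same answer for both. The in-memory filesystem, the policy, all names and the mitigation shown are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Dir:
    user_can_search: bool   # would the invoking user pass the directory permission check?
    files: frozenset

# Constructed filesystem and policy; nothing here comes from the original post.
FS = {
    "/usr/bin": Dir(True, frozenset({"ls", "id"})),
    "/root/bin": Dir(False, frozenset({"backup-tool"})),
}
SUDOERS = {"alice": {"/usr/bin/id"}}

def resolve_privileged(cmd, path):
    """PATH search performed as root: every directory is visible."""
    for d in path.split(":"):
        if d in FS and cmd in FS[d].files:
            return f"{d}/{cmd}"
    return None

def resolve_as_user(cmd, path):
    """PATH search limited to directories the invoking user may search."""
    for d in path.split(":"):
        if d in FS and FS[d].user_can_search and cmd in FS[d].files:
            return f"{d}/{cmd}"
    return None

def sudo_check(user, cmd, path, resolver):
    """Return the message the user sees; 'path' is the user's own $PATH."""
    full = resolver(cmd, path)
    if full is None:
        return "command not found"
    if full in SUDOERS.get(user, set()):
        return "allowed"
    # A correct guess lands here, which is also when root gets mail.
    return "not allowed; incident reported"

def leaks_existence(resolver, user, path, present, absent):
    """True if the reply distinguishes a hidden existing name from a missing one."""
    return (sudo_check(user, present, path, resolver)
            != sudo_check(user, absent, path, resolver))

if __name__ == "__main__":
    user_path = "/root/bin:/usr/bin"   # the user controls this value
    for name, r in (("privileged", resolve_privileged), ("as user", resolve_as_user)):
        print(name, leaks_existence(r, "alice", user_path, "backup-tool", "no-such-file"))
```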