Bugtraq mailing list archives
Re: Sudo: local root compromise with krb5 enabled
From: "Mark Senior" <senatorfrog () gmail com>
Date: Thu, 7 Jun 2007 13:55:52 -0600
On 6/7/07, James Downs wrote:
On Jun 6, 2007, at 6:57 PM, Thor Lancelot Simon wrote: > The 'sudo' package can be built to use Kerberos 5 for authentication > of users. When a user is properly authenticated to sudo, sudo grants It should be noted that Kerberos is not an authorization system. All this case does is allow a user, who can already log into your system, and already can use sudo, to bypass their real password. If the user can't do things as root, correct or incorrect password isn't buying them much. This IS a bug in handling kerberos authentication, but if the user can log into the system, the user can use any version of sudo, and if they're authorized, they already know their password, and can do things as root.
In Suse Linux 10, the default /etc/sudoers has ... Defaults targetpw # ask for the password of the target user i.e. root ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'! ... In other words, in the SuSE default config, sudo is just an overcomplicated su - to sudo something as root, you need not your own password, but root's - except you don't have to be in wheel to use it. If sudo is configured as above, and uses kerberos, then all users might be able to exploit this.
Current thread:
- Sudo: local root compromise with krb5 enabled Thor Lancelot Simon (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled Thor Lancelot Simon (Jun 07)
- MIT krb5: makes sudo authentication issue MUCH worse. Thor Lancelot Simon (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled James Downs (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled Mark Senior (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled Todd C. Miller (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled Mark Senior (Jun 07)
- <Possible follow-ups>
- Re: Sudo: local root compromise with krb5 enabled Ken Raeburn (Jun 12)
- Re: Sudo: local root compromise with krb5 enabled Kyle Wheeler (Jun 14)
- Re: Sudo: local root compromise with krb5 enabled Ken Raeburn (Jun 15)
- Re: Sudo: local root compromise with krb5 enabled Kyle Wheeler (Jun 14)
- Re: Sudo: local root compromise with krb5 enabled Thor Lancelot Simon (Jun 07)