sudo vulnerability issues on switch
Hi,
I am working in a networking company where they run their operating system on top of Linux. A user can invoke a Python script at the switch prompt, and then from the Python script, by running "sudo gdb", they can get root access as shown below.

    switch# python
    Copyright (c) 2001-2012 Python Software Foundation; All Rights Reserved
    switch# >>> from ctypes import CDLL
    switch# >>> libc = CDLL('libc.so.6')
    switch# >>> libc.execl('/bin/bash','/bin/bash',None)
    bash-3.2$ export SHELL=/bin/bash
    bash-3.2$ sudo gdb -q
    (gdb) shell
    bash-3.2# id root
    uid=0(root) gid=0(root) groups=0(root)
    bash-3.2#

This has been posted as a vulnerability issue where any user with any role can get access to root by running some commands using sudo. Could you please tell me how to prevent anyone from running sudo? May I know what change I need to make in the sudo configuration file to achieve this? Your help is appreciated.

Thanks,
Boobesh
I think that is not a security hole of the system, but a misconfiguration by the admin. Please check the /etc/sudoers file (and see man sudoers).
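One way to carry out the check suggested in the reply above, as an added example that is not part of the original thread: a small Python audit that flags sudoers grants of `ALL` or of programs with a built-in shell command, such as the `gdb` from the post. The sudoers content and the `SHELL_CAPABLE` list are constructed for illustration (assumptions); the switch's real file is not shown on the page.

```python
import re

# Programs that can start a shell from inside. gdb is the one from this thread;
# the rest are an illustrative, non-exhaustive list (assumption).
SHELL_CAPABLE = {"gdb", "vi", "vim", "less", "more", "man", "bash", "sh", "python"}

# Constructed sample sudoers content; not taken from the switch in the thread.
SAMPLE_SUDOERS = r"""
# constructed example
Defaults    env_reset
Cmnd_Alias  DIAG = /usr/bin/gdb, /usr/sbin/tcpdump
%netadmin   ALL = (root) NOPASSWD: /sbin/ifconfig, \
                  /usr/bin/gdb
operator    ALL = (root) /usr/sbin/tcpdump
%users      ALL = (ALL) ALL
support     ALL = (root) DIAG
"""

def audit_sudoers(text):
    """Return (who, command, reason) for each risky grant in sudoers text."""
    text = re.sub(r"\\\n\s*", " ", text)            # join continuation lines
    aliases, findings = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()         # drop comments (and #include)
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0] == "Defaults" or "=" not in parts[1]:
            continue
        head, (left, right) = parts[0], parts[1].split("=", 1)
        if head == "Cmnd_Alias":                    # remember command aliases
            aliases[left.strip()] = [c.strip() for c in right.split(",")]
            continue
        if head.endswith("_Alias"):                 # user/host/runas aliases
            continue
        # Strip the "(runas)" part and tags such as NOPASSWD: from the rule.
        right = re.sub(r"\([^)]*\)|\b[A-Z_]+:", "", right)
        for item in right.split(","):
            for cmd in aliases.get(item.strip(), [item.strip()]):
                prog = cmd.split()[0].rsplit("/", 1)[-1] if cmd else ""
                if cmd == "ALL":
                    findings.append((head, cmd, "any command"))
                elif prog in SHELL_CAPABLE:
                    findings.append((head, cmd, "shell escape"))
    return findings

if __name__ == "__main__":
    for who, cmd, reason in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{who:10} {cmd:15} {reason}")
```

On a real system, `sudo -l -U <user>` lists what a given account may run, and flagged entries are removed or narrowed by editing the file with `visudo`.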