sudo vulnerability issues on switch
Hi,
I am working in a networking company where they run their operating system on top of Linux. A user can invoke a Python script at the switch prompt and then, from the Python script, by running "sudo gdb", get root access as shown below.
switch# python
Copyright (c) 2001-2012 Python Software Foundation; All Rights Reserved
switch# >>> from ctypes import CDLL
switch# >>> libc = CDLL('libc.so.6')
switch# >>> libc.execl('/bin/bash','/bin/bash',None)
bash-3.2$ export SHELL=/bin/bash
bash-3.2$ sudo gdb -q
(gdb) shell
bash-3.2# id
rootuid=0(root) gid=0(root) groups=0(root)
bash-3.2#
This has been posted as a vulnerability issue where any user with any role can get access to root by running some commands using sudo.
Could you please tell me how to prevent anyone from running sudo?
May I know what change I need to make in the sudo configuration file to achieve this?
Your help is appreciated.
Thanks,
Boobesh
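
An added example, not part of the original post: a small Python audit that reads sudoers rules and reports any non-root rule granting ALL or a binary that can start a shell, which is the condition that lets `sudo gdb` reach root in the transcript above. The sample sudoers text and the SHELL_CAPABLE set (gdb, python, bash, taken from the transcript) are constructed assumptions; the parser handles only simple one-line rules without aliases, continuation lines or includes.

```python
import re

# Assumption: the binaries seen in the transcript that can hand the caller a shell.
SHELL_CAPABLE = {"gdb", "python", "bash"}

# Constructed sample; the switch's real sudoers file is not shown in the post.
SAMPLE_SUDOERS = """\
# constructed example
Defaults env_reset
root      ALL=(ALL) ALL
%netadmin ALL=(root) NOPASSWD: /usr/bin/gdb, /sbin/ifconfig
operator  ALL=(root) /usr/sbin/tcpdump
ALL       ALL=(ALL) NOPASSWD: ALL
"""

# user-or-group, host list, optional (runas), then the command list
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(.*)$")
SKIP = ("Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")


def audit_sudoers(text):
    """Return (line_number, who, command) for each risky grant to a non-root entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and #include lines
        if not line or line.startswith(SKIP):
            continue
        match = RULE.match(line)
        if not match:
            continue
        who, commands = match.groups()
        if who == "root":
            continue
        for cmd in commands.split(","):
            # strip tags such as NOPASSWD: or NOEXEC: in front of the command
            cmd = re.sub(r"^(?:[A-Z_]+:\s*)+", "", cmd.strip())
            if not cmd:
                continue
            binary = cmd.split()[0].rsplit("/", 1)[-1]
            if cmd == "ALL" or binary in SHELL_CAPABLE:
                findings.append((lineno, who, cmd))
    return findings


if __name__ == "__main__":
    for lineno, who, cmd in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {lineno}: {who} may run {cmd} via sudo (root shell possible)")
```
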