LinuxQuestions.org
Old 11-16-2010, 03:16 AM   #1
catkin
Thunar "Open root terminal here" solution security issues


Hello

I've developed Thunar custom actions that provide "Open root terminal here" and "vi as root" but am concerned about security.

At the core of the mechanism, a non-root Thunar user writes a temporary file and then starts a terminal emulator which runs su - and (after su authentication) executes bash with --rcfile <temporary file>. Thus root executes commands in the temporary file which is writeable by a non-root user.

The temporary file is exposed for as long as it takes to create and populate it and for the user to enter root's password and press Enter plus authentication and bash startup time. To mitigate the risk the temporary file is created using /usr/bin/mktemp so has a randomised name and 600 permissions.

Would it be possible for a non-root user that had been able to assume the user's credentials (a better word?) to detect the file creation (inotify or otherwise?) and thus modify the file and have arbitrary commands executed as root? If so can this be solved?

Best

Charles
 
Old 11-16-2010, 03:46 AM   #2
sweetfa
Firstly - if you are only mktemp'ing the filename, the filename will be easy to guess if someone is familiar with what you are doing.

Aside from the fact you are giving a user carte blanche to do what they like (they can put whatever they like in the file) the file is also not owned by root. Perhaps it is better that the sudo happens for the edit as well and the file is owned by root. That way at least you could restrict it more than what you have at the moment.

Which is more likely, someone figuring out an individual user access or root access?

Personally I would allow a certain set of commands using sudoers file rather than the approach you are taking.
 
Old 11-18-2010, 05:05 AM   #3
catkin
Quote (originally posted by sweetfa):
Firstly - if you are only mktemp'ing the filename, the filename will be easy to guess if someone is familiar with what you are doing.

Aside from the fact you are giving a user carte blanche to do what they like (they can put whatever they like in the file) the file is also not owned by root. Perhaps it is better that the sudo happens for the edit as well and the file is owned by root. That way at least you could restrict it more than what you have at the moment.

Which is more likely, someone figuring out an individual user access or root access?

Personally I would allow a certain set of commands using sudoers file rather than the approach you are taking.

Thanks for the reply sweetfa

I'm trying to figure out a more secure solution but do want to achieve a full root logon shell with the single difference of starting in a user-specified directory.
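
An added example, not part of the thread and not the solution catkin later blogged: one way to start a root shell in a chosen directory without root ever reading a user-writable file is to pass the directory as a plain argument to a root-owned helper that validates it. The helper's install path and the function names are hypothetical.

```shell
#!/bin/sh
# Hypothetical root-owned helper, e.g. /usr/local/sbin/root-shell-here (mode 755).
# The unprivileged side supplies one value, the directory, as an argument.
# Root treats it as data and never sources a file the user can write.

# Print the canonical form of a candidate start directory, or return non-zero.
validate_start_dir() {
    dir=$1
    # Absolute paths only: a relative path depends on the caller's cwd.
    case $dir in
        /*) ;;
        *) return 1 ;;
    esac
    # Reject control characters (newlines, escape sequences) so the path
    # cannot inject anything into root's prompt or terminal title.
    clean=$(printf '%s' "$dir" | LC_ALL=C tr -d '[:cntrl:]')
    [ "$clean" = "$dir" ] || return 1
    [ -d "$dir" ] || return 1
    # Resolve symlinks so the path that is reported is the one entered.
    (CDPATH= cd -- "$dir" 2>/dev/null && pwd -P)
}

# Run after su authentication with the directory as the only argument.
root_shell_here() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    target=$(validate_start_dir "$1") || { echo "bad directory: $1" >&2; return 1; }
    cd -- "$target" || return 1
    exec /bin/bash
}
```

This removes the window in which a temporary rcfile can be modified, but it does not protect against someone who already controls the user's session and can change the custom action itself.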
 
Old 11-18-2010, 10:58 AM   #4
catkin
I've figured out a secure enough mechanism to have blogged it here. It's a bit kludgy and multiple instances could interfere with each other but the Thunar custom action "Open root terminal here" has been widely sought and I've never seen a solution so it could be useful.
 
  

