Bugtraq mailing list archives
Re: Sudo: local root compromise with krb5 enabled
From: Kyle Wheeler <kyle-bugtraq () memoryhole net>
Date: Thu, 14 Jun 2007 09:00:55 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, June 11 at 06:52 PM, quoth Ken Raeburn:
But sudo has a curious bug: it *tries* to do the second step, but if that step fails because no local service keys are known, it lets the user become root anyway, because the (potentially fake) Kerberos server said so. For example, on a host without a "keytab" file:In some MIT applications there was a conscious choice to that effect. The MIT library's interface for verifying credentials has a flag that can be set to indicate whether it should return success or failure for this specific case. (Though personally, I think the default should be the more paranoid one, it would be an incompatible break from previous versions.)
Maybe I'm misunderstanding here, but so what? This sounds like the equivalent of this: My program respects the $ALLOW_ROOT_COMPROMISE environment variable. You may think root compromises are bad, and that the environment variable is ludicrous, and I agree (that "feature" was added before I took over), but if I removed it then that would be an incompatible break from previous versions. Just because older programs allowed it doesn't make it sacrosanct. ~Kyle - -- The Son of man came eating and drinking, and they say, "Behold, a glutton and a drunkard, a friend of tax collectors and sinners!" Yet wisdom is justified by her deeds. -- Matthew 11:19 -----BEGIN PGP SIGNATURE----- Comment: Thank you for using encryption! iD8DBQFGcVgnBkIOoMqOI14RAkmTAJ9rcBKhRxGyZSeLRgxMnVsmG0GmEwCfYxY0 ZFXlNYUuE3wadtEWnAVF7Iw= =JdRA -----END PGP SIGNATURE-----
Current thread:
- Sudo: local root compromise with krb5 enabled Thor Lancelot Simon (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled Thor Lancelot Simon (Jun 07)
- MIT krb5: makes sudo authentication issue MUCH worse. Thor Lancelot Simon (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled James Downs (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled Mark Senior (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled Todd C. Miller (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled Mark Senior (Jun 07)
- <Possible follow-ups>
- Re: Sudo: local root compromise with krb5 enabled Ken Raeburn (Jun 12)
- Re: Sudo: local root compromise with krb5 enabled Kyle Wheeler (Jun 14)
- Re: Sudo: local root compromise with krb5 enabled Ken Raeburn (Jun 15)
- Re: Sudo: local root compromise with krb5 enabled Kyle Wheeler (Jun 14)
- Re: Sudo: local root compromise with krb5 enabled Thor Lancelot Simon (Jun 07)