oreobeam.blogg.se

Sudo make me a sandwich meaning

Great source for deeper explanation of restricted shells and commands.

Understand the privileges that you are granting with sudo, otherwise someone will get into your fridge, eat all your food and then burn down your house. They are all working exactly as designed. None of these examples are exploits, or overflows. The commands that are allowed sudo access need to be thought out and the functionality needs to be understood. Sudo is a super powerful and incredibly dangerous tool.

    # less has launched an escaped shell as rincewind and now we can read the spell (facepalm)
    # but
    sudo -u rincewind less /luggage/camera/picture
    Sorry, user twoflower is not allowed to execute '/usr/bin/less /luggage/camera/./octavo/spell' as rincewind on discworld.
    # can i
    sudo -u rincewind less /luggage/camera/./octavo/spell
    # start the sudo less command and pass the picture file
    # got it i need the whole
    sudo -u rincewind less /luggage/camera/picture
    Sorry, user twoflower is not allowed to execute '/usr/bin/less picture' as rincewind on discworld.
    Twoflower discworld=(rincewind) /usr/bin/less
    sudo -u rincewind less picture

Honey badger (VIM) don’t care what the sudoers.d/file said.

Alright, next step: take away VIM, give twoflower less and ONLY a single file in a single folder, because less has to be better.

This is because VIM is invoking the shell after the session is launched as the sudoer. This is even worse because now, not only can twoflower still open, read and edit the spell in the octavo, VIM has enabled a shell escape as the sudoer.

    # aw nuts you can open the file if you traverse directories after VI is open
    Ashonai.
    Sorry, user twoflower is not allowed to execute '/usr/bin/vi /luggage/camera/./octavo/spell' as rincewind on discworld.
    Ashonai.
    Twoflower discworld=(rincewind) /usr/bin/vi
    sudo -u rincewind vi /luggage/camera/./octavo/spell

Next, lock it down, we will take away the cat command and replace it with just VI and then no arguments can be passed to VI, because if a wildcarded path is included then VI will fall to the same directory traversal issue. We should never use wildcards like this in sudo, ever. How? what? This is simply the way that the wildcard works with sudo. has read the spell inside of the octavo and everything has ended.

    $ sudo -u rincewind cat /luggage/camera/./octavo/spell
    Ashonai.
    Sorry, user twoflower is not allowed to execute '/bin/cat /luggage/octavo/spell' as rincewind on discworld.
    $ sudo -u rincewind cat /luggage/octavo/spell
    User twoflower may run the following commands on discworld:
    Matching Defaults entries for twoflower on discworld:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

We feel pretty good about this setup, it has only allowed twoflower a single command in a single path.

    rwx- 1 rincewind rincewind 67 Dec 5 02:40 spell
    Twoflower discworld=(rincewind) /bin/cat
    $ ls -lA /luggage
    drwxr-xr-x 2 twoflower twoflower 4096 Dec 5 02:37 camera
    drwx- 2 rincewind rincewind 4096 Dec 5 02:40
    $ ls -la /luggage/octavo/
    drwx- 2 rincewind rincewind 4096 Dec 5 02:40.


Rincewind feels pretty good that twoflower will never be able to read anything in the octavo and certainly never be able to read the spell located in the folder and file permissions are both set with 0700.

Below is the output of /etc/sudoers.d/012-twoflower file and a command output.

Because we don’t know what the photos will be named, we will wildcard all the filenames in /luggage/camera/*

luggage/camera/ /luggage/octavo/

We have allowed twoflower to run only the cat command as rincewind, and only in the location /luggage/camera/ folder. Because, rincewind doesn’t want twoflower to read the octavo, but is fine if he looks at the camera, both of which are located in the luggage. Rincewind and twoflower are two users who have been traveling with this luggage for some time. The luggage is carrying some incredibly valuable things. Let’s say that we have a folder named /luggage/. Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user.

Sudo make me a sandwich, then I’ll pwn your fridge









