![]() ![]() This is a good opportunity for an example. If the sudoers file does allow it, as it does in most instances, the bug has no impact. The result of this bug is that someone can use sudo to elevate to root in a situation where the sudoers file should not allow it. This real-world usage, where sudo is configured to let people easily elevate to root access (which is the default in Linux) instead of letting people easily elevate to other, still-restricted users, is exactly why most people aren’t affected by the bug below. This is still better than giving everyone the password to root, since at least sudo usage is logged, but it does sound awfully similar to the all-or-nothing method it was intended to replace. Most systems these days come configured with a sudo user group (sometimes called wheel) that is granted the power to become root for any purpose. In the real world, however, usage of sudo is more limited. For example, you can write things like “user bob can temporarily become user alice but only to run the mysql command.” Sudo will enforce these rules and run the mysql binary with the permissions of alice, and then force the user to go back to being bob. The sudo configuration file called sudoers actually has a fairly expressive language. ![]() ![]() Most People Don’t Use Sudo The Way It Was Intended Incidentally, bugs involving sudo can be tricky to debug because a security feature of Linux automatically disables the ptrace() syscall on setuid binaries, which prevents tools like gdb and strace from being used. In effect, the sudo binary becomes the final arbiter of root access, metering it out in limited quantities as required. When a non-root user executes a root-owned, setuid binary, the program that runs as a result will be running with the permissions of root, instead of the invoking user. A user who runs a setuid binary automatically inherits the permissions of the owner of the binary. Sudo is a special binary, owned by root and carrying special permission granted to it called setuid. Sudo (short for SuperUser-Do) was introduced as an enhancement to the all-or-nothing approach enabled by the basic permission model. Sudo Avoids Giving Out Root AccessĪs Linux’s usage evolved, admins wanted a way to temporarily grant regular users limited access to the root account for specific reasons without giving them the root password. Getting access to root means getting access to the entire system and is the ultimate prize for an attacker. The UID 0 is reserved for the user root, also sometimes called superuser, who can generally bypass all UID-based permission restrictions and access any file. As an example, if a user with UID 1 wants to read from, write to or execute a file that is owned by the user with UID 2, the permissions of that file must be modified to explicitly allow non-owners read, write and/or execute access, respectively. ![]() Every file and resource on the system is owned by a user (there are groups and GIDs but we can ignore those for now). Linux maintains a list of usernames but internally it only cares about UIDs. It was originally designed for a system where dozens or hundreds of users want to keep their files separate and inaccessible to the other users.Įvery user is assigned a user ID number (UID), generally ranging from 0 to somewhere around 10000. The fundamental permission model for users is based on the one used by Unix. Tools for managing user access control on Linux have evolved as Linux has matured from a niche desktop OS in the nineties to its current role as the dominant OS of choice in the enterprise cloud. We’ll also cover how Cmd’s users can quickly add a rule to catch this bug being exploited on unpatched systems. In this post we will break down the bug by explaining what sudo is, a bit about how it works, and why CVE-2019–14287 probably doesn’t affect you (because you’re probably not using sudo how it was intended). In typical Internet fashion, the announcement of this bug (labelled CVE-2019–14287) was followed by lots of scary headlines about opening Linux up to unauthorized users and enabling hackers to gain root access. News broke earlier this month of a critical bug in the Linux command ‘sudo’, a core tool in Linux that allows user to run programs with elevated privileges. Cmd was acquired by Elastic and the product is no longer available but the protection discussed at the end could be enforced by any Linux security tool with the ability to compare command line arguments pre-execution Note: This was co-written with Brian Gladstein, then head of marketing at Cmd. Sudo linux cve-2019-14287 vulnerability exploits security Sudo CVE-2019-14287 is overhyped ←home RSS sudo CVE-2019-14287 is overhyped ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |