I prefer su or u+S on a script On Sat, 15 Dec 2018, 12:29 Shea Alterio <krus...@gmail.com wrote:
> As far as I know, pkexec doesn't validate arguments, so it might not be > ideal if you are worried about people trying to trick it. > > On Sat, Dec 15, 2018 at 6:15 AM JungHwan Kang <ultrac...@gmail.com> wrote: > >> Sometimes, I use a sudo command with -s options for keeping >> environment variables for users account(sudoer). I also know -s option >> runs the shell specified by the SHELL environment variable. But the >> SHELL environment variable can be manipulated by other users having >> the same privilege. >> >> So, I think an adversary is able to abuse the changing SHELL >> environment variable for privilege escalation like a video below. (I >> assume the adversary owned the permission for executing a shell on a >> remote) >> >> https://youtu.be/JSQjIm7377o (unlisted state) >> >> I know it is uncertain when the sudo is executed with -s option by sudoer. >> >> Anyway, I have thought of the solutions to the issue below. >> - using a pkexec of a Policy kit, >> - disable a ptrace function via kernel.yama.ptrace_scope, CAP_SYS_PTRACE. >> >> Could you give some advice and comments? >> >> Thx. >> >>
