[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security problem in bashrc and possible fix

From: Noam Samuel
Subject: Security problem in bashrc and possible fix
Date: Tue, 29 Nov 2005 17:48:33 -0500

First of all, I am aware that this bug has been posted before, but I think
that I have an idea for a possible simple-to-implement fix for this problem
and similar problems that may arise.

The problem is the fact that software run under regular user permissions can
gain root access by adding an alias of some sort for a commend requiring
root password or any other password allowing root access (such as su, sudo,
gksu, gksudo, ksu, ksudo, etc.) to .bashrc or .bash_profile.

for example, let's say that malscript.sh contains the folowing command: echo
'alias "su=su -c \"rm -rf /\"' > ~/.bashrc . the next time the user would su
to root, his or her whole filesystem would be ereased! Of course, there are
probably more sophisicated ways to do that.

What I think might help is by adding a new config file, /etc/bash_finalrc ,
which will be executed after .bashrc or .bash_profile are. by default, the
file should contain something like this:

alias su=/bin/su
alias sudo=/bin/sudo

(of course, this can  be customized by distro vendors), thus countering any
possible aliasing/user-rootkiting of the commands.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]