[Bug 2019496] Re: Security implications of SUDO_ASKPASS
Heinrich Schuchardt
2019496 at bugs.launchpad.net
Tue May 23 14:18:16 UTC 2023
Anything running in the user context can edit ~/.bashrc and set aliases.
But with aliases you don't get root access.
sudo goes to great lengths to ensure that the password is directly
passed from the console and not passed through a pipe. SUDO_ASKPASS can
circumvent this security.
So this badly needs fixing.
--
https://bugs.launchpad.net/bugs/2019496
Title:
Security implications of SUDO_ASKPASS
Status in sudo package in Ubuntu:
New
Bug description:
All that is needed to subvert sudo is adding this line to ~/.bashrc
alias sudo="SUDO_ASKPASS=/home/$USER/.config/git/doevil sudo -A"
and a program that reads the password from the command line and makes
use of it.
Ignoring the SUDO_ASKPASS environment variable would be an option to
stop this.
Best regards
Heinrich
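
A defender-side check for the pattern this report describes, as an added example that is not part of the original message or of sudo: it scans a home directory's shell startup files for lines that alias or wrap sudo or that set SUDO_ASKPASS. The file list, the function names and the sample lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag startup-file lines that redefine sudo or set SUDO_ASKPASS.
# RC_FILES is an assumed list of common bash/profile startup files.
RC_FILES=".bashrc .bash_profile .bash_login .profile .bash_aliases"

# Any mention of SUDO_ASKPASS, an alias named sudo, or a function named sudo.
PATTERN='SUDO_ASKPASS|(^|[;&|[:space:]])alias[[:space:]]+([^#]*[[:space:]])?sudo=|(^|[;[:space:]])(function[[:space:]]+sudo([[:space:](){]|$)|sudo[[:space:]]*\(\))'

# scan_rc_file FILE
# Prints "FILE:LINENO:LINE" for each suspicious non-comment line.
# Returns 0 if at least one line was reported, non-zero otherwise.
scan_rc_file() {
    [ -r "$1" ] || return 1
    # The extra /dev/null operand makes grep prefix every hit with the file name.
    grep -nE "$PATTERN" "$1" /dev/null |
        grep -vE '^[^:]*:[0-9]+:[[:space:]]*#'   # drop whole-line comments
}

# scan_home DIR
# Scans every file in RC_FILES under DIR; returns 0 if anything was reported.
scan_home() {
    found=0
    for f in $RC_FILES; do
        if scan_rc_file "$1/$f"; then
            found=1
        fi
    done
    [ "$found" -eq 1 ]
}

# Demo on a constructed home directory (sample content, not from a real system).
demo=$(mktemp -d)
printf '%s\n' \
    '# alias sudo=old-experiment' \
    'alias ll="ls -l"' \
    'alias sudo="SUDO_ASKPASS=/path/to/helper sudo -A"' > "$demo/.bashrc"
scan_home "$demo" || echo "no findings"
rm -rf "$demo"
```

A hit is a prompt to review the line, not proof of compromise: some users set SUDO_ASKPASS deliberately for graphical password prompts.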