getting the root password through .bashrc and a fakesudo
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Ubuntu | Invalid | Undecided | Kees Cook | |
Bug Description
First, because many people didn't understand this at all, read this forum post relating to this hole, where it should be made clear: http://
A short summary:
It's pretty simple to rise from user to root level once you have access to a system. There's no need for any local root exploit for Ubuntu anymore because of the .bashrc file in the home directory. The file is writable from the user account, so you just need to append alias sudo=pwdstealin
One could also simply social-engineer a new Ubuntu or Linux user (maybe also an ignorant older one...) remotely by telling him to execute a "harmless" tool/script (and although I have not tested it, I'm pretty sure this can also be triggered by user-level applications which support plugins!) and telling him he doesn't have to be afraid because he should just execute it with user privileges and not as root, and he's dead too. Because of the Ubuntu security scheme, many think that as long as you don't work as root, no great harm can happen.
Also, a virus could very easily make use of this, making an Ubuntu virus as harmful as a Windows one!
This is in my eyes a serious privilege escalation.
I'm asking myself why this file is by default writable by the user on an Ubuntu Feisty Fawn desktop system, if you keep in mind how often a normal user needs this file and how dangerous this is, as I explained above.
Is it an Ubuntu security problem or how sudo is implemented?
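
Added example, not part of the bug report or of Ubuntu's tooling: a small check that flags startup-file lines redefining `sudo` as an alias or shell function, which is the change to `.bashrc` the report describes (the function form is a generalization beyond the alias the report mentions). The names `scan_rc` and `WATCHED` and the sample file contents are constructed for this example.

```shell
#!/bin/sh
# Added example: flag startup-file lines that redefine a privileged command
# name as an alias or shell function, the pattern the report describes.

# Assumption: this list is the example's choice; the report names only sudo.
WATCHED="${WATCHED:-sudo}"

# scan_rc FILE...
# Prints "file:line:text" for each matching definition.
# Returns 0 if at least one was found, 1 if none.
scan_rc() {
    rc_found=1
    for f in "$@"; do
        [ -r "$f" ] || continue
        for cmd in $WATCHED; do
            # Patterns: alias NAME=..., NAME() / function NAME(), function NAME {
            # /dev/null as a second file makes grep always print the file name.
            hits=$(grep -nE \
                -e "(^|;)[[:space:]]*alias([[:space:]]+[^[:space:]]+)*[[:space:]]+${cmd}=" \
                -e "(^|;)[[:space:]]*(function[[:space:]]+)?${cmd}[[:space:]]*\(\)" \
                -e "(^|;)[[:space:]]*function[[:space:]]+${cmd}([[:space:]]|\{|\$)" \
                "$f" /dev/null || true)
            if [ -n "$hits" ]; then
                printf '%s\n' "$hits"
                rc_found=0
            fi
        done
    done
    return "$rc_found"
}

# Constructed sample standing in for a user's ~/.bashrc (paths are placeholders).
demo_rc=$(mktemp)
cat > "$demo_rc" <<'EOF'
alias ll='ls -l'
# alias sudo=commented-out
alias sudo=/home/user/.cache/placeholder-wrapper
function sudo { echo shadowed; }
EOF
scan_rc "$demo_rc" || echo "no alias or function named: $WATCHED"
rm -f "$demo_rc"
```

On a real system, pass the startup files bash reads, for example `scan_rc ~/.bashrc ~/.bash_aliases ~/.bash_profile ~/.profile`. The common idiom `alias sudo='sudo '` is reported too and needs a manual look.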