Local privilege escalation when executed with nohup
Bug #285805 reported by
Chris Barrick
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sudo (Ubuntu) |
Won't Fix
|
Low
|
Unassigned | ||
Bug Description
Binary package hint: sudo
I was messing around with nohup when I noticed that sudo doesn't prompt for a password when used with nohup
an example with chown
chris@chris-
-rw-r--r-- 1 root root 0 2008-10-19 04:59 test
chris@chris-
chris@chris-
nohup: ignoring input and appending output to `nohup.out'
chris@chris-
-rw-r--r-- 1 chris chris 0 2008-10-19 04:59 test
chris@chris-
You never get a password prompt, but the file still changes owners
any malicious script could run
nohup sudo rm -rf /
I'm on Intrepid using sudo 1.6.9p17-1ubuntu2 with an unedited sudoers file
Changed in sudo: | |
status: | New → Confirmed |
Changed in sudo: | |
importance: | High → Critical |
Changed in sudo: | |
importance: | Medium → Low |
status: | Incomplete → Confirmed |
To post a comment you must log in.
Unmarking as duplicate because while the same issues are in play as in bug #269992, a new behavior in Ubuntu 8.04 LTS (and also 8.10) is that when running sudo under nohup, a /var/run/ sudo/<username> /unknown entry is created. 'sudo -k' and 'sudo -K' will not invalidate/remove this unless running 'nohup sudo -K &'. This is not intuitive.