
A Poor Use of Sudo

Posted 9 May 2014

Sudo is the tool in Linux and Unix environments for granting administrative privileges to a normal user on a server. The beauty of sudo is that the user does not need to know the root password. Their own password grants them access to run privileged commands.

Unfortunately, one of the common abuses of sudo is to run commands such as sudo su - or sudo /bin/bash. This effectively drops the user into a shell with root privileges to run an extended series of commands. This might be acceptable on a single-user system; however, in a multi-user environment, it becomes more difficult to track which administrator ran which commands, because sudo records only the command that started the shell, not the commands typed inside it.

How should this be handled? One option is to disable sudo access to any command that would allow a user to obtain a root shell. The server admins will probably complain that they have to type sudo before every command that they want to issue. They will probably start circumventing the restriction by putting a copy of bash in their home directory so they can run sudo /home/joe/bash, which violates the spirit of the restriction.

A better option is to implement a privileged shell such as rootsh. System admins can use sudo rootsh to obtain an extended root session, and all of their activities are logged. The log files can be used for audit purposes or just to figure out how something broke in the middle of a complex system change. The admins are happy because they keep their access, and the managers are happy because there is an audit trail.
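For auditing an existing server, the following added example (not from the original post) scans sudo's syslog entries for the patterns described above: root shells obtained through su or a shell binary, including a shell run from outside the system directories. The log lines are constructed samples, and the shell list, system directory list and the treatment of rootsh as the sanctioned path are assumptions to adjust per site.

```python
import os
import re

# Constructed sample lines in the format sudo writes to syslog (not real logs).
SAMPLE_LOG = """\
May  9 10:01:12 web01 sudo:      joe : TTY=pts/0 ; PWD=/home/joe ; USER=root ; COMMAND=/bin/su -
May  9 10:04:40 web01 sudo:    alice : TTY=pts/1 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
May  9 10:09:03 web01 sudo:      joe : TTY=pts/0 ; PWD=/home/joe ; USER=root ; COMMAND=/home/joe/bash
May  9 10:15:27 web01 sudo:      bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
May  9 10:20:55 web01 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/rootsh
""".splitlines()

SUDO_LINE = re.compile(
    r"sudo:\s+(?P<user>\S+) : .*?USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$"
)
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}
SYSTEM_DIRS = {"/bin", "/usr/bin", "/sbin", "/usr/sbin", "/usr/local/bin"}
LOGGED_SHELLS = {"rootsh"}  # assumption: sessions through these are recorded


def classify(command):
    """Return a finding label for one sudo COMMAND value, or None."""
    binary = command.split()[0]
    name, directory = os.path.basename(binary), os.path.dirname(binary)
    if name in LOGGED_SHELLS:
        return None  # sanctioned path: the session itself is logged
    if name == "su":
        return "unlogged root shell via su"
    if name in SHELL_NAMES:
        if directory not in SYSTEM_DIRS:
            return "shell binary outside system directories"
        return "unlogged root shell"
    return None


def find_root_shells(lines):
    """Return (user, command, finding) for sudo entries that hand out a root shell."""
    findings = []
    for m in filter(None, map(SUDO_LINE.search, lines)):
        finding = classify(m.group("cmd")) if m.group("runas") == "root" else None
        if finding:
            findings.append((m.group("user"), m.group("cmd"), finding))
    return findings


if __name__ == "__main__":
    for user, cmd, finding in find_root_shells(SAMPLE_LOG):
        print(f"{user:8} {cmd:20} {finding}")
```

Matching is by file name, so the output is a triage list for review rather than proof that a given session went unrecorded.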
