Shulou(Shulou.com)06/02 Report--

This article mainly explains "linux how to use sudo to enhance authority", the content of the article is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in depth, together to study and learn "linux how to use sudo to enhance authority" bar!

Introduction to 0x00

Sudo is a linux system management instruction, a tool that allows system administrators to let ordinary users execute some or all of the root commands, such as halt,reboot,su, and so on. This not only reduces the login and administration time for root users, but also improves security. Sudo is not a substitute for shell, it is for each command.

Overview of 0x01 vulnerabilities

The vulnerability is an sudo security policy bypass issue that can cause a malicious user or program to execute arbitrary commands as root on the target Linux system, CVE number CVE-2019-14287. Personally, I think this vulnerability is chicken, because it needs special configuration to trigger, and this security problem does not exist in the default Linux.

0x02 affects version

Sudo version

Since a specific configuration is required, the configuration file sudoers (file location / etc/sudoers) is modified first.

Add a line of configuration under root ALL= (ALL:ALL) ALL:

Test ALL= (all recording root) ALL

1. The test indicates the user name

2. The first ALL means that the user is allowed to use sudo on any machine or terminal

3. The word in parentheses (all _ recording _ root) indicates that a command can be executed by any user other than root

4. The last ALL indicates that execution is allowed

The added configuration of this line means that the user test can use the sudo command to execute the command as anything but root.

0x04 vulnerability exploitation

Switch to test user: $su test

Failed to execute $sudo id

Successful execution of $sudo-upright 111 id

So we can directly use sudo-u#id to specify the user id to execute the command, and since you can specify id, you can use-uplink 1 or-upright 4294967295 to bypass the limit and execute arbitrary code as root:

This is because the sudo command itself is already running with user ID as 0, so when sudo tries to change user ID to-1, nothing changes. This causes the sudo log entry to report the command as running as user ID 4294967295 instead of root (or user ID 0).

Thank you for your reading, the above is the content of "how linux uses sudo to enhance permissions". After the study of this article, I believe you have a deeper understanding of how linux uses sudo to enhance permissions, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.