Adversaries may perform sudo caching and/or use the sudoers file to elevate privileges. Adversaries may do this to execute commands as other users or spawn processes with higher privileges. Within Linux and MacOS systems, sudo (sometimes referred to as "superuser do") allows users to perform commands from terminals with elevated privileges and to control who can perform these commands on the system.

The sudo command "allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments." Since sudo was made for the system administrator, it has some useful configuration features such as a timestamp_timeout, which is the amount of time in minutes between instances of sudo before it will re-prompt for a password. This is because sudo has the ability to cache credentials for a period of time. Sudo creates (or touches) a file at /var/db/sudo with a timestamp of when sudo was last run to determine this timeout. Additionally, there is a tty_tickets variable that treats each new tty (terminal session) in isolation. This means that, for example, the sudo timeout of one tty will not affect another tty (you will have to type the password again).

The sudoers file, /etc/sudoers, describes which users can run which commands and from which terminals. This also describes which commands users can run as other users or groups. This provides the principle of least privilege such that users are running in their lowest possible permissions for most of the time and only elevate to other users or permissions as needed, typically by prompting for a password. However, the sudoers file can also specify when to not prompt users for passwords with a line like user1 ALL=(ALL) NOPASSWD: ALL. Elevated privileges are required to edit this file though.

Adversaries can also abuse poor configurations of these mechanisms to escalate privileges without needing the user's password. For example, /var/db/sudo's timestamp can be monitored to see if it falls within the timestamp_timeout range. If it does, then malware can execute sudo commands without needing to supply the user's password.
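As an added example (not part of the original text), the following Python script audits a constructed sudoers excerpt for the weak settings discussed above: NOPASSWD entries, a negative or long timestamp_timeout, and disabled tty_tickets. The option names are sudo's own; the severity labels and the 15-minute threshold are my assumptions.

```python
import re

# Constructed sample sudoers content (not taken from any real host). The user1
# line is the NOPASSWD example from the text; the Defaults lines disable the
# credential-cache protections the text describes.
SAMPLE_SUDOERS = """\
# Defaults section
Defaults    env_reset
Defaults    timestamp_timeout=-1
Defaults    !tty_tickets
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
user1   ALL=(ALL) NOPASSWD: ALL
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart app
"""

# user  host=(runas) [TAG:] commands   (hypothetical simplified grammar;
# @include / #includedir directives are not followed)
SPEC_RE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.*)$")
DEFAULTS_RE = re.compile(r"^Defaults\S*\s+(.*)$")


def audit_sudoers(text):
    """Return a list of (line_no, severity, message) findings."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        d = DEFAULTS_RE.match(line)
        if d:
            for opt in (o.strip() for o in d.group(1).split(",")):
                m = re.match(r"timestamp_timeout\s*=\s*(-?\d+)", opt)
                if m and int(m.group(1)) < 0:
                    findings.append((n, "HIGH", "timestamp_timeout<0: cached credentials never expire"))
                elif m and int(m.group(1)) > 15:
                    findings.append((n, "MEDIUM", f"timestamp_timeout={m.group(1)}: long credential cache"))
                elif opt == "!tty_tickets":
                    findings.append((n, "MEDIUM", "tty_tickets disabled: one timestamp is shared across ttys"))
            continue
        s = SPEC_RE.match(line)
        if s and "NOPASSWD:" in s.group(4):
            cmds = s.group(4).split("NOPASSWD:", 1)[1].strip()
            sev = "HIGH" if cmds == "ALL" else "LOW"   # unrestricted vs. scoped
            findings.append((n, sev, f"{s.group(1)} may run '{cmds}' as ({s.group(3) or 'root'}) without a password"))
    return findings


if __name__ == "__main__":
    for line_no, sev, msg in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {line_no} [{sev}] {msg}")
```

Run it against the output of `visudo -c -f` checked files or `sudo -l` exports rather than editing /etc/sudoers by hand.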