Best way to gain root privileges

Dan Stromberg drsalists at gmail.com
Thu Feb 17 00:23:02 EST 2011


On Wed, Feb 16, 2011 at 6:10 PM, GSO <gsowww at yahoo.co.uk> wrote:
>> pretty much better off with sudo, or a tiny C wrapper that's so simple
>> it's hard to get wrong.  However, perl's taint feature would be useful
>
> This snippet is about as tiny as it gets in C I think:

Well, it could be tinier really, and actually, this isn't that bad.

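> #include <stdlib.h>   /* exit() */
> #include <unistd.h>   /* execle() */
>
> int main (int argc, char ** argv) {
>     int err;
>
>     /* empty environment for the child */
>     char *newenv[] = { NULL };
>
>     /* absolute path, so no PATH search; execle() only returns on failure */
>     if ((err = execle("/usr/bin/pauseme", "pauseme", (char *)NULL, newenv)) < 0 ) {
>         exit(err);
>     }
>
>     return 0; // never reached!
> }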
>
> http://linuxgazette.net/67/tag/20.html
>
> But even this is considered to be risky.

Some people just like to make security sound impossible; they think it
makes them look smarter or something.  Then again, this is Linux
Gazette, which usually caters to relative Linux novices, so maybe such
stern warnings are appropriate (for a while - sometimes novices don't
stay novices forever).

If you empty the environment, don't spawn a subshell, don't scan the
path, avoid reading or writing undefined memory, and carefully check
your error returns, you're generally in good shape with something as
simple as a wrapper.  Yes, simple.

The signal vulnerability thing appears to be mostly about exploiting
overcomplicated signal handlers in the child process (EG, don't use
any system calls in signal handlers - not to be confused with
system(3)), and the file descriptor thing ISTR is mostly an issue when
someone calls open() without correctly checking for an error return -
but something like Python would typically traceback - it wouldn't just
pretend things were fine.

However, if you still think C wrappers are too complex, I believe
there's nothing stopping _you_ from using sudo.
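
An added example, not part of the original message or of the Linux Gazette article: a wrapper that follows the checklist above (empty environment, no subshell, no PATH search, checked error returns) and also makes sure descriptors 0 to 2 are open before the exec, which is the usual guard for the file descriptor issue mentioned. The function names `ensure_std_fds` and `exec_clean` are hypothetical, and the code assumes `/dev/null` exists.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Make sure fds 0, 1 and 2 are open, so that a later open() in the
 * privileged program is never handed one of them by accident. */
int ensure_std_fds(void)
{
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                      /* already open */
        if (errno != EBADF)
            return -1;                     /* unexpected failure */
        /* open() returns the lowest free descriptor; that must be fd */
        int got = open("/dev/null", O_RDWR);
        if (got != fd) {
            if (got >= 0)
                close(got);
            return -1;
        }
    }
    return 0;
}

/* Exec target with an empty environment and no PATH search.
 * Returns -1 on failure; does not return on success. */
int exec_clean(const char *target, const char *argv0)
{
    char *const args[] = { (char *)argv0, NULL };
    char *const envp[] = { NULL };         /* empty environment */

    if (target == NULL || target[0] != '/') {
        errno = EINVAL;                    /* refuse relative paths */
        return -1;
    }
    if (ensure_std_fds() != 0)
        return -1;
    execve(target, args, envp);            /* no shell, no PATH lookup */
    return -1;                             /* reached only if exec failed */
}

int main(void)
{
    exec_clean("/usr/bin/pauseme", "pauseme");
    perror("exec /usr/bin/pauseme");
    return 127;
}
```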


