Can a sudo user read the command file for which sudo access is enabled?

I have a normal Linux user, say user1, and it has sudo access to a command, /usr/local/bin/command.sh.

/usr/local/bin/command.sh has 700 permission. So therefore the user1 is successfully able to run

sudo /usr/local/bin/command.sh

Now I was wondering: with the sudo command, privilege escalation is happening. Is there any possibility, or even a remote possibility, that he can read the contents of /usr/local/bin/command.sh? Is sudo by design a very strict command-based implementation?

The one word answer is: No.

(…) So therefore the user1 is successfully able to run (…)

Strictly speaking it is not user1 who is running that executable, but the user switched to using sudo (in your case root), who of course can also read that file. Now if there's a vulnerability in the executable run via sudo, you could piggyback on that to read an arbitrary file, but that would be bad.
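An added example, not part of the original question or answer: a small audit that checks whether a file run through sudo still has the protection described above (owned by the target user, no group/other read or write bits, as with mode 700) and that its containing directory cannot be written by anyone else. The function name `audit_sudo_target` is hypothetical, the owner is assumed to be root (uid 0), and only the immediate directory is checked, not every ancestor.

```python
import os
import stat
import sys


def audit_sudo_target(path, owner_uid=0):
    """Return a list of findings for a file run via sudo; [] means none."""
    findings = []
    st = os.lstat(path)  # lstat: do not follow a symlink at the final component
    if not stat.S_ISREG(st.st_mode):
        return ["target is not a regular file (symlink, directory, ...)"]
    if st.st_uid != owner_uid:
        findings.append("file owned by uid %d, expected %d" % (st.st_uid, owner_uid))
    mode = stat.S_IMODE(st.st_mode)
    # Read bits for group/other let the sudo user read the script directly.
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file readable by group/other (mode %o)" % mode)
    # Write bits for group/other let someone change what runs as root.
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file writable by group/other (mode %o)" % mode)

    # Whoever can write the directory can replace the file, whatever its mode.
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    if pst.st_uid != owner_uid:
        findings.append("directory owned by uid %d, expected %d" % (pst.st_uid, owner_uid))
    if stat.S_IMODE(pst.st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("directory writable by group/other")
    return findings


if __name__ == "__main__":
    # Usage: python3 audit.py /usr/local/bin/command.sh
    for target in sys.argv[1:]:
        problems = audit_sudo_target(target)
        print(target, "OK" if not problems else "; ".join(problems))
```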
