linux security - Nov 1999 - Retraction: security hole in sudo allows users full access

I did not understand the man pages for sudo and incorrectly interpreted
the results.  I interpreted the ALL to apply to all commands
defined in the sudoers file.  Basically, I'm an idiot, but here is the
chain I followed, and the correct interpretation.

  In the man pages on sudo, it says the following:

       A User_List is made up of one or more usernames, uids
       (prefixed with '#'), System groups (prefixed with '%'),
       netgroups (prefixed with '+') and other aliases.  Each
   .........
      A Host_List is made up of one or more hostnames, IP
       addresses, network numbers, netgroups (prefixed with '+')
       and other aliases.  Again, the value of an item may be
   .........
        Cmnd_List ::= Cmnd |
                      Cmnd ',' Cmnd_List
  .......
       The reserved word ALL is a a built in alias that always
       causes a match to succeed.  It can be used wherever one
       might otherwise use a Cmnd_Alias, User_Alias, Runas_Alias,
       or Host_Alias.  You should not try to define your own
       alias called ALL as the built in alias will be used in
       preference to your own.

  I assumed the built in alias ALL had to do with the commands defined in
the sudoers file.  Assuming definitely made an ass out of me.  I used the
example template in the sudoers file for fulltimers.

  It turns out that ALL on the RIGHT side causes a match to succeed
OUTSIDE the definitions in the file for all the following:

  Cmnd_Alias
  User_Alias
  Runas_Alias
  Host_Alias
  


  If you pick up the example lines in sudoers man pages for the following,
the ALL on the RIGHT hand side of FULLTIMERS means any executable in any
location on any computer.

        # User alias specification
        User_Alias     FULLTIMERS = millert, mikef, dowdy
....
        Cmnd_Alias     DUMPS = /usr/bin/mt, /usr/sbin/dump,
/usr/sbin/rdump,\
                               /usr/sbin/restore, /usr/sbin/rrestore
        Cmnd_Alias     KILL = /usr/bin/kill
        Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm
        Cmnd_Alias     SHUTDOWN = /usr/sbin/shutdown
        Cmnd_Alias     HALT = /usr/sbin/halt, /usr/sbin/fasthalt
        Cmnd_Alias     REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot
        Cmnd_Alias     SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
                                /usr/local/bin/tcsh, /usr/bin/rsh, \
                                /usr/local/bin/zsh
        Cmnd_Alias     SU = /usr/bin/su
...
        FULLTIMERS     ALL = NOPASSWD: ALL

  


    I must apologize again.  I beat on this problem for about 3 months
before I posted it and I never caught on.

   FLAME AWAY!  I deserve it this time!!!


wade