Package: molly-guard
Version: 0.4.5-1
Severity: wishlist

Dear Maintainer,

In the molly-guard(8) manual page, it is said that the following situations are still unguarded:

 · running sudo within screen or screen within sudo; sudo eats the SSH_CONNECTION variable, and screen creates a new pty.
 · executing those commands in a remote terminal window, that is, an XTerm started on a remote machine but displaying on the local X server.

* What led up to the situation?

At home I have a computer that can be accessed from remote hosts via ssh. I often run sudo within screen, so just after the molly-guard installation I set ALWAYS_QUERY_HOSTNAME to "true", as suggested in the manpage. But I have found this is not very convenient for local sessions (i.e. when I can physically access the computer).

* What exactly did you do (or not do) that was effective (or ineffective)?

Then I played with sudoers options and set:

    Defaults env_keep+="SSH_TTY SSH_CONNECTION"

and I (re)commented the ALWAYS_QUERY_HOSTNAME assignment in the rc file. This works like a charm: ssh sessions are protected, and local sessions can be rebooted/halted directly.

This has been tested with both:

    $ ssh user@remote -t screen
    $ ssh -X user@remote xterm
    $ ssh -X user@remote xterm -e tmux

(and some other variations)

I noticed that SSH_TTY is not set with "ssh -X ..."; but SSH_CONNECTION is set in all cases except when a screen session is reattached remotely to a detached screen session that was created locally. Unfortunately, it is also set when a screen session is reattached locally to a detached session that was created remotely.

Maybe this is not exactly what you mean when you say:

    If you can think of ways to protect against those, please let me know!

(because it requires modifying the configuration of another program instead of modifying the code of molly-guard itself), but I think this small piece of sudoers configuration covers enough use cases to be at least mentioned in the documentation.
Thank you
quidame

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-486
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages molly-guard depends on:
ii  procps  1:3.3.3-3

molly-guard recommends no packages.

molly-guard suggests no packages.

-- no debconf information
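As an added illustration (not part of the report or of molly-guard itself), the following POSIX shell script encodes the session check the report's sudoers change relies on, and adds a helper to confirm that sudo really passes the two variables through. The function names classify_session and sudo_keeps_ssh_vars are chosen here, and the SSH_CONNECTION values are constructed.

```shell
#!/bin/sh
# Decide whether a shell looks like an SSH session from the two variables
# the report asks sudo to keep (SSH_CONNECTION, SSH_TTY), and verify that
# "Defaults env_keep+=\"SSH_TTY SSH_CONNECTION\"" is in effect.

# classify_session CONNECTION TTY -> prints "remote" or "local".
# Values are passed as arguments so the logic can be exercised against
# constructed environments; a real caller passes "$SSH_CONNECTION" "$SSH_TTY".
classify_session() {
    conn=$1
    tty=$2
    # As the report observes, "ssh -X ..." sets SSH_CONNECTION but not
    # SSH_TTY, so either variable alone is enough evidence of a remote login.
    if [ -n "$conn" ] || [ -n "$tty" ]; then
        echo remote
    else
        echo local
    fi
}

# sudo_keeps_ssh_vars: asks sudo (non-interactively) for the environment
# it would give a command. Returns 0 when SSH_CONNECTION survives the
# sudo boundary, 1 when sudo dropped it, 2 when sudo could not run without
# a password, 3 when the calling shell has no SSH_CONNECTION to preserve.
# Not exercised by the test harness; run it from an ssh session.
sudo_keeps_ssh_vars() {
    [ -n "$SSH_CONNECTION" ] || return 3
    out=$(sudo -n env 2>/dev/null) || return 2
    printf '%s\n' "$out" | grep -q '^SSH_CONNECTION=' && return 0
    return 1
}

# Caveat from the report: a screen session keeps the environment of the
# shell that created it, so a locally created, remotely reattached screen
# classifies as "local" and the reverse case as "remote". No variable
# check can tell these apart; only the creating session is visible here.

# Constructed values standing in for real ssh logins:
classify_session "203.0.113.7 50022 192.0.2.1 22" "/dev/pts/2"   # remote
classify_session "203.0.113.7 50022 192.0.2.1 22" ""             # remote (ssh -X)
classify_session "" ""                                           # local
```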