On May 11, 2017 1:49:05 AM GMT+02:00, Adam Carter <adamcart...@gmail.com> wrote:
>I want to allow some fairly well trusted users the ability to do traces
>with icmp. I can give them sudo, but how high is the risk of making
>traceroute suid root? AFAIK making text editors or anything that has an
>ability to run shell commands suid root is effectively giving them root
>access, but other than exploiting vulnerabilities in traceroute itself,
>are there any other issues?

Vulnerabilities in applications can always be exploited. Traceroute (and
similar) are not written with the idea of making it super secure.
I also once heard that it was possible to abuse a random suid program to gain
a root shell. Not sure if that is (still) true. I never saw evidence for it, but
with the push to use sudo instead of suid-root, I wonder how well that part is
being tested.

If I had to give some power users access to traceroute, I would allow them to 
use "sudo traceroute". Or fix it so they can run traceroute from their own 
accounts without the use of suid.

--
Joost
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
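
Added example, not part of Joost's message or the original thread: one way to set up the "sudo traceroute" option is a sudoers drop-in that names only the traceroute binary and is syntax-checked before it is installed. The group name `nettrace`, the path `/usr/bin/traceroute` and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed values (not from the thread): group "nettrace",
# binary /usr/bin/traceroute. Function names are hypothetical helpers.

# Print a sudoers rule that lets members of group $1 run only binary $2 as root.
traceroute_sudoers_rule() {
    group=$1
    binary=$2
    # sudoers matches commands by absolute path; refuse anything else.
    case $binary in
        /*) ;;
        *) echo "binary must be an absolute path" >&2; return 1 ;;
    esac
    # Refuse spaces, wildcards, commas etc. that would change the rule's meaning.
    case $binary in
        *[!A-Za-z0-9/._-]*) echo "unsafe characters in path" >&2; return 1 ;;
    esac
    case $group in
        ''|*[!A-Za-z0-9_-]*) echo "invalid group name" >&2; return 1 ;;
    esac
    # NOEXEC asks sudo to stop the command from executing further programs,
    # which addresses the "can it spawn a shell" concern from the question.
    # No arguments are listed, so any traceroute option is allowed.
    printf '%%%s ALL = (root) NOEXEC: %s\n' "$group" "$binary"
}

# Syntax-check a rule with visudo before it goes anywhere near /etc/sudoers.d.
# Returns 0 if valid, 2 if visudo is not installed, non-zero otherwise.
check_sudoers_rule() {
    command -v visudo >/dev/null 2>&1 || return 2
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    visudo -cf "$tmp" >/dev/null 2>&1
    status=$?
    rm -f "$tmp"
    return $status
}

rule=$(traceroute_sudoers_rule nettrace /usr/bin/traceroute)
echo "$rule"
if check_sudoers_rule "$rule"; then
    echo "visudo accepted the rule"
else
    echo "rule not validated (visudo missing or rejected it)" >&2
fi
```

The printed rule would go into its own file under `/etc/sudoers.d/` once `visudo` accepts it, and `sudo -l` run as a group member shows what was actually granted.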
