Re: [arch-general] Permanently allow root access
Hey guys I'll just throw my more local (than probably necessary) .bashrc function in here... sudo () { local env; if [[ -n "$DISPLAY" ]]; then command sudo "XAUTHORITY=$HOME/.Xauthority" "$@"; else command sudo "$@"; fi } You don't give up on X11 cookies, you don't need to touch pam and can go on hoping it works in your favor, and thridly, there's even a mention of .Xauthority in the stock sudoers file, so, you'll never find where these things are set up on a running system anyway... cheers! mar77i
Hey, I cannot reproduce your exploit. Using the stock sudoers file only with the modification %sudo ALL=(ALL) ALL and the place for running X applications as root is commented out. ## Run X applications through sudo; HOME is used to find the ## .Xauthority file. Note that other programs use HOME to find ## configuration files and this may lead to privilege escalation! # Defaults env_keep += "HOME" cheers, Heiko Am 03.02.2014 11:40, schrieb Martti Kühne:
Hey guys
I'll just throw my more local (than probably necessary) .bashrc function in here...
sudo () { local env; if [[ -n "$DISPLAY" ]]; then command sudo "XAUTHORITY=$HOME/.Xauthority" "$@"; else command sudo "$@"; fi }
You don't give up on X11 cookies, you don't need to touch pam and can go on hoping it works in your favor, and thridly, there's even a mention of .Xauthority in the stock sudoers file, so, you'll never find where these things are set up on a running system anyway...
cheers! mar77i
On Mon, Feb 3, 2014 at 12:14 PM, Heiko Becker <heiko.becker@rocketmail.com> wrote:
Hey,
I cannot reproduce your exploit.
I'm not sure if you misunderstood me. I was enumerating the 2 or 3 more obscure ways to configure this (and tbh, I'd be looking for a while to find these), which I basically worked around in my .bashrc. cheers! mar77i
Am 10.02.2014 13:34, schrieb Martti Kühne:
On Mon, Feb 3, 2014 at 12:14 PM, Heiko Becker <heiko.becker@rocketmail.com> wrote:
Hey,
I cannot reproduce your exploit.
I'm not sure if you misunderstood me. I was enumerating the 2 or 3 more obscure ways to configure this (and tbh, I'd be looking for a while to find these), which I basically worked around in my .bashrc.
cheers! mar77i
Ok sorry then. I was confused by the fact that you tried to get permanent root acces, which I would never recommend. cheers! Heiko
participants (2)
-
Heiko Becker
-
Martti Kühne