[arch-general] Permanently allow root access

Heiko Becker heiko.becker at rocketmail.com
Mon Feb 3 06:14:18 EST 2014


I cannot reproduce your exploit.

Using the stock sudoers file only with the modification

%sudo ALL=(ALL) ALL

and the place for running X applications as root is commented out.

## Run X applications through sudo; HOME is used to find the
## .Xauthority file.  Note that other programs use HOME to find
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"



Am 03.02.2014 11:40, schrieb Martti Kühne:
> Hey guys
> I'll just throw my more local (than probably necessary) .bashrc
> function in here...
> sudo ()
> {
>      local env;
>      if [[ -n "$DISPLAY" ]]; then
>          command sudo "XAUTHORITY=$HOME/.Xauthority" "$@";
>      else
>          command sudo "$@";
>      fi
> }
> You don't give up on X11 cookies, you don't need to touch pam and can
> go on hoping it works in your favor, and thridly, there's even a
> mention of .Xauthority in the stock sudoers file, so, you'll never
> find where these things are set up on a running system anyway...
> cheers!
> mar77i

More information about the arch-general mailing list