[arch-general] Permanently allow root access
Heiko Becker
heiko.becker at rocketmail.com
Mon Feb 3 06:14:18 EST 2014
Hey,
I cannot reproduce your exploit.
Using the stock sudoers file only with the modification
%sudo ALL=(ALL) ALL
and the place for running X applications as root is commented out.
## Run X applications through sudo; HOME is used to find the
## .Xauthority file. Note that other programs use HOME to find
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
cheers,
Heiko
Am 03.02.2014 11:40, schrieb Martti Kühne:
> Hey guys
>
> I'll just throw my more local (than probably necessary) .bashrc
> function in here...
>
> sudo ()
> {
> local env;
> if [[ -n "$DISPLAY" ]]; then
> command sudo "XAUTHORITY=$HOME/.Xauthority" "$@";
> else
> command sudo "$@";
> fi
> }
>
> You don't give up on X11 cookies, you don't need to touch pam and can
> go on hoping it works in your favor, and thridly, there's even a
> mention of .Xauthority in the stock sudoers file, so, you'll never
> find where these things are set up on a running system anyway...
>
> cheers!
> mar77i
More information about the arch-general
mailing list