  • Sudoedit will allow the user to escape to a root shell

    Hi all,
    I'm new to this forum. I'm running RedHat 6.6 (Santiago), kernel 2.6.32-504.8.1.el6.x86_64, SELinux disabled. I have always used sudo to delegate privileged commands to simple users. Now I'm running sudo (sudo-1.8.6p3-15.el6.x86_64) and this is my sudoers file:

    Host_Alias SVILUPPO = abbey,wildfire
    Defaults requiretty
    Defaults !visiblepw
    Defaults always_set_home
    Defaults env_reset
    Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
    Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
    Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
    Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
    Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
    Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
    root ALL=(ALL) ALL
    %wheel ALL=(ALL) ALL
    %linuxusers SVILUPPO=(root) PASSWD: /bin/su - rpmbuild, /usr/bin/sudoedit -e /etc/yum.repos.d/Kion.repo
    

    This is what happens when an unprivileged user gets on the box and executes sudoedit:

    [loris@wildfire ~]$ id
    uid=10501(loris) gid=10501(linuxusers) groups=10501(linuxusers),10510(MGT-Sviluppo),10516(svn_didanet)
    [loris@wildfire ~]$ sudo -l
    [sudo] password for loris:
    Matching Defaults entries for loris on this host:
    requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION
    LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
    

    User loris may run the following commands on this host:

    (root) PASSWD: /bin/su - rpmbuild, (root) /usr/bin/sudoedit -e /etc/yum.repos.d/Kion.repo
    
    [loris@wildfire ~]$ sudo /usr/bin/sudoedit -e /etc/yum.repos.d/Kion.repo
    
    (Vi environment appears)
    ~
    [...]
    ~
    ~
    "/var/tmp/KionXXBL2CxL.repo" 44L, 1621C
    

    (user presses "esc" then ":sh" ... and it drops a root shell!)

    [root@wildfire loris]#
    

    What's wrong? I'm sure that one year ago sudoedit was working well and did not drop the user to a root shell
    (cfr: https://access.redhat.com/solutions/57331).

    Googling this issue takes me to the same solution, to use sudoedit.
    Have I missed something? Can you help me to solve this very strange issue?
    This is beyond my experience and RTFM doesn't work.
    Thank you in advance. Loris
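
An added example, not part of the original post or of sudo itself: sudoers(5) documents `sudoedit` as a command built into sudo that must be written in sudoers without a leading path, whereas the rule in the post names `/usr/bin/sudoedit` and the transcript runs it through `sudo`. This Python check flags such pathed rules in a sudoers file; the sample text is constructed, the `%editors` and `%ops` groups are hypothetical, and the parser is a simplified assumption (one host list per rule, no include handling).

```python
import re

# Constructed sample: rules from the post, the path-less built-in form that
# sudoers(5) documents, and a backslash-continued rule (hypothetical groups).
SAMPLE = """\
Host_Alias SVILUPPO = abbey,wildfire
Defaults requiretty
root ALL=(ALL) ALL
%linuxusers SVILUPPO=(root) PASSWD: /bin/su - rpmbuild, /usr/bin/sudoedit -e /etc/yum.repos.d/Kion.repo
%editors SVILUPPO=(root) sudoedit /etc/yum.repos.d/Kion.repo
%ops ALL=(root) NOPASSWD: /bin/ls, \\
    /bin/sudoedit /etc/motd
"""

# Lines that are not user specifications (assumption: "#uid" users are not used).
NOT_A_RULE = re.compile(r"^(#|Defaults|(Host|User|Runas|Cmnd)_Alias\b)")
# Runas spec "(root)", tags such as "PASSWD:", and "!" negation before a command.
PREFIX = re.compile(r"^(\([^)]*\)\s*|[A-Z_]+:\s*|!\s*)+")

def pathed_sudoedit_rules(sudoers_text):
    """Return (who, command) for every rule that names sudoedit with a path."""
    findings = []
    text = re.sub(r"\\\n", " ", sudoers_text)           # join continued lines
    for line in map(str.strip, text.splitlines()):
        if not line or NOT_A_RULE.match(line) or "=" not in line:
            continue
        left, _, cmnd_list = line.partition("=")
        who = left.split()[0]
        for cmnd in re.split(r"(?<!\\),", cmnd_list):    # "\," is a literal comma
            cmnd = PREFIX.sub("", cmnd.strip())
            argv0 = cmnd.split()[0] if cmnd else ""
            # A leading path makes sudo match this as an ordinary command,
            # not as the built-in sudoedit.
            if "/" in argv0 and argv0.rsplit("/", 1)[1] == "sudoedit":
                findings.append((who, " ".join(cmnd.split())))
    return findings

if __name__ == "__main__":
    for who, cmnd in pathed_sudoedit_rules(SAMPLE):
        print(f"{who}: '{cmnd}' is matched as an ordinary command; "
              "write it as 'sudoedit <file>' with no path")
```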
