Preventing regular scripts to gain root access through sudo in RHEL
Issue
After configuring /etc/sudoers or /etc/sudoers.d/ to allow users to run a script as root, malicious code can be inserted into this script and then be run as root, as in the example:
# cat /etc/sudoers.d/john
john ALL=(root) NOPASSWD: /home/john/harmless.sh
As user john, the script is modified with malicious code:
[john@lab ~]$ cat harmless.sh
su - <====== changed/inserted after the sysadmin had inspected the file's content and configured /etc/sudoers.d/john above
[john@lab ~]$ sudo ./harmless.sh
Last login: Ter Mar 19 14:07:39 -03 2019 on pts/1
[root@lab ~]#
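The rule above is exploitable because it names a file that john can rewrite. As an added example (not part of the original article and not Red Hat tooling), the shell script below audits a command path taken from a sudoers rule and reports the file, or any ancestor directory, that is not owned by root or is writable by group or other. The function names are hypothetical, and sticky world-writable directories such as /tmp are flagged conservatively.

```shell
#!/usr/bin/env bash
# Added example: report who besides root could rewrite a sudoers command path.

# Print the path and each ancestor directory up to /, one per line.
path_chain() {
    local p="$1"
    while :; do
        printf '%s\n' "$p"
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
}

# Judge one entry from its "ls -ldn" fields; print a line per finding.
check_entry() {   # args: permission-string owner-uid path
    local perms="$1" uid="$2" path="$3"
    [ "$uid" = "0" ] || printf 'owner uid %s: %s\n' "$uid" "$path"
    case "$perms" in
        # 6th character = group write bit, 9th = other write bit
        ?????w*|????????w*)
            printf 'group/other writable (%s): %s\n' "$perms" "$path" ;;
    esac
}

# Audit one command path: 0 = root-controlled, 1 = findings, 2 = bad input.
audit_cmd() {
    local real findings
    case "$1" in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 2 ;;
    esac
    real=$(readlink -f "$1") || return 2   # resolve symlinks such as /bin
    findings=$(path_chain "$real" | while IFS= read -r p; do
        out=$(ls -ldn "$p" 2>/dev/null) || { printf 'missing: %s\n' "$p"; continue; }
        set -f              # no globbing while splitting the ls fields
        set -- $out         # $1 = permission string, $3 = numeric owner
        check_entry "$1" "$3" "$p"
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: ./audit.sh /home/john/harmless.sh   (path taken from the sudoers rule)
for cmd in "$@"; do audit_cmd "$cmd" || true; done
```

Any finding means someone other than root can change what the sudoers rule executes, either by editing the file or by replacing it through a writable directory.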
Environment
- Red Hat Enterprise Linux (RHEL)
  - 7.2 and above
- sudo
  - 1.8.6p7-16.el7 and above