From: guido@trentalancia.com (Guido Trentalancia)
Date: Sat, 19 Feb 2011 06:08:09 +0100
Subject: [refpolicy] [patch 1/1] sudo: Fixes for sudo,
 handle /var/db/sudo
In-Reply-To: <4D5EA91C.1080409@redhat.com>
References: <4D5EA91C.1080409@redhat.com>
Message-ID: <1298092089.3101.51.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello Miroslav !

On Fri, 18/02/2011 at 17.15 +0000, Miroslav Grepl wrote:
> http://mgrepl.fedorapeople.org/F15/admin_sudo.patch
> 
>      * Allow sudo to send signals to any domains the user could have 
> transitioned to.
>      * Handle /var/db/sudo
>      * Allow users to run executables in /tmp or ~/

To the best of my knowledge, the first part of the last change is
something really bad from a security point of view. 

System administrators put much effort to avoid that (such as
mounting /tmp with noexec, nosuid options) !

A legitimate user does not need to store his/her executables in /tmp, as
he/she has at least its own home directory available for that (and if
he/she cannot write there, then he/she is probably over quota).

/tmp just "potentially provides storage space for malicious
executables" (quoted from paragraph 2.2.1.3 of NSA public document
"Guide to the Secure Configuration of Red Hat Enterprise Linux 5"
Revision 4, but any decent web search engine would easily provide you
with tons of pages relative to the cries of those whom have allowed that
sort of thing to happen on their systems).

Regards,

Guido