From: guido@trentalancia.com (Guido Trentalancia)
Date: Sat, 19 Feb 2011 06:08:09 +0100
Subject: [refpolicy] [patch 1/1] sudo: Fixes for sudo, handle /var/db/sudo
In-Reply-To: <4D5EA91C.1080409@redhat.com>
References: <4D5EA91C.1080409@redhat.com>
Message-ID: <1298092089.3101.51.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello Miroslav!

On Fri, 18/02/2011 at 17.15 +0000, Miroslav Grepl wrote:
> http://mgrepl.fedorapeople.org/F15/admin_sudo.patch
>
> * Allow sudo to send signals to any domains the user could have
>   transitioned to.
> * Handle /var/db/sudo
> * Allow users to run executables in /tmp or ~/

To the best of my knowledge, the first part of the last change is something really bad from a security point of view. System administrators put much effort into avoiding that (such as mounting /tmp with the noexec and nosuid options)!

A legitimate user does not need to store his/her executables in /tmp, as he/she has at least his/her own home directory available for that (and if he/she cannot write there, then he/she is probably over quota).

/tmp just "potentially provides storage space for malicious executables" (quoted from paragraph 2.2.1.3 of the NSA public document "Guide to the Secure Configuration of Red Hat Enterprise Linux 5", Revision 4, but any decent web search engine would easily provide you with tons of pages relating to the cries of those who have allowed that sort of thing to happen on their systems).

Regards,

Guido
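The hardening Guido refers to (mounting /tmp with noexec and nosuid) is easy to verify from the mount table. The script below is an added example, not part of the thread or of the refpolicy patch; it parses a constructed /proc/mounts-style sample, reports which required options a mount point lacks, and, when run directly on a system with /proc/mounts, checks the live /tmp mount.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not from a real system):
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime,size=2097152k 0 0
/dev/sdb1 /var/tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0'

# Print the options recorded for a mount point; prints nothing when the
# path is not a mount point of its own (it then inherits the parent's options).
mount_opts() {
    # $1 = mounts table (text), $2 = mount point
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $4 }'
}

# Check that a mount point carries every option in a comma-separated list.
# Prints each missing option on its own line and returns 1 if any is missing;
# prints "not-a-separate-mount" and returns 1 if the path is not a mount point.
missing_opts() {
    # $1 = mounts table, $2 = mount point, $3 = required options (e.g. noexec,nosuid)
    opts=$(mount_opts "$1" "$2")
    if [ -z "$opts" ]; then
        printf 'not-a-separate-mount\n'
        return 1
    fi
    rc=0
    for want in $(printf '%s' "$3" | tr ',' ' '); do
        # Surround with commas so "noexec" does not match inside another token.
        case ",$opts," in
            *",$want,"*) ;;
            *) printf '%s\n' "$want"; rc=1 ;;
        esac
    done
    return $rc
}

# Live check of this system's /tmp when /proc/mounts is available.
if [ -r /proc/mounts ]; then
    if missing_opts "$(cat /proc/mounts)" /tmp noexec,nosuid >/dev/null; then
        echo "/tmp: noexec,nosuid present"
    else
        echo "/tmp: hardening options missing, or /tmp is not a separate mount"
    fi
fi
```

In the constructed sample, /tmp has nosuid but not noexec, /var/tmp has both, and /home has neither.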