• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..03-May-2022-

dtd/H22-Nov-2004-11285

packages/H22-Nov-2004-646531

pkgout/H22-Nov-2004-

xsl/H22-Nov-2004-647572

2.0arch.xmlH A D22-Nov-20048.3 KiB175165

CHANGELOGH A D22-Nov-20047.3 KiB150148

INSTALLH A D22-Nov-20045.3 KiB188122

MakefileH A D03-May-202212.8 KiB609433

PORCMOLSULB.pdfH A D22-Nov-200430.1 KiB

PORCMOLSULB.xmlH A D22-Nov-200433.4 KiB681647

PORTINGH A D22-Nov-20042.5 KiB5849

PROBLEMSH A D22-Nov-20041.5 KiB4335

READMEH A D22-Nov-20045.3 KiB127103

RELEASENOTESH A D22-Nov-20042.4 KiB6953

SECURITYH A D22-Nov-20043.6 KiB6959

SUDOCONFIGH A D22-Nov-20042.2 KiB5840

Sudoscript.3pmH A D22-Nov-20048.7 KiB285261

Sudoscript.pmH A D03-May-20229.2 KiB429168

install-shH A D22-Nov-20045.5 KiB251152

perltidyH A D22-Nov-2004672.9 KiB19,57612,404

sub_dist.plH A D22-Nov-2004471 2219

sub_rpm.plH A D22-Nov-2004563 2522

sub_src.plH A D22-Nov-2004250 129

sub_vers.plH A D22-Nov-2004240 129

sudoscript.8H A D22-Nov-20048.2 KiB235211

sudoscript.podH A D22-Nov-20043.6 KiB12677

sudoscriptd-inH A D22-Nov-200419.7 KiB738474

sudoscriptd.8H A D22-Nov-200410.4 KiB288264

sudoscriptd.bsd.rcH A D22-Nov-2004166 41

sudoscriptd.irix.initH A D22-Nov-20041.1 KiB5738

sudoscriptd.linux.initH A D22-Nov-2004931 6041

sudoscriptd.netbsd.rcH A D22-Nov-2004237 187

sudoscriptd.solaris.initH A D22-Nov-2004727 3320

sudoshell-inH A D22-Nov-20049.9 KiB361227

sudoshell.1H A D22-Nov-200410.7 KiB330306

README

1$Id: README,v 1.8 2004/11/15 00:26:30 hbo Exp $
2
3Sudoscript 2.1.2
4
5See INSTALL for installation instructions
6See CHANGELOG for changes
7See SUDOCONFIG for examples of how to configure sudo
8See Security for notes on security implications of sudoscript
9
10Sudoscriptd/sudoshell are a pair of Perl scripts that provide an
11audited shell using sudo. If you are familiar with sudo, you might
12well ask "doesn't running a shell under sudo defeat the purpose of the
13tool?" Yes and no. One reason for running sudo is to limit what
14commands can be run by users. These scripts do indeed defeat that
15purpose. Another reason to run sudo is to maintain an audit trail of
16commands issued by users with root privilege or otherwise. These
17scripts preserve that audit trail by logging all terminal output to
18log files.
19
20In its default mode, sudoscript enables an audited root shell.  Though
21giving a user an unrestricted root shell allows them to evade auditing
22innocently (by running an xterm for example) or maliciously (by
23changing the root password to give just one of way too many examples),
24you may have no choice but to give your users such a shell.  This may
25be because they truly need the flexibility of a root shell, or just
26because they think they do and can convince their managers to let them
27have it. Either way, you are stuck with losing your audit trail or
28using something like this tool.
29
30In another mode, sudoscript allows an audited shell as some user other
31than root.  Though the implications for system security are less
32severe than with a root shell, there are still ways for user to evade
33sudoscript's audit trail, even when not running as root. See the
34SECURITY document in the distribution for details.
35
36Sudoshell (also ss) is a small Perl script that works in conjunction
37with a logging daemon, sudoscriptd, to log all activity within a
38shell. It uses the Unix script(1) command to create the log. Once
39invoked, all console commands and output are logged to a FIFO. The
40logging daemon reads from this FIFO and manages log files to store the
41data produced. The logs are rotated to ensure that they do not
42overflow the disk space on the logging partition. The daemon is split
43into three parts that allow tagging of each session's data with a
44session ID. This means that different usrs' sessions can be
45separated in the log file using grep.
46
47Sudoshell checks to see if the daemon is running and offers to start
48it if it is not.  (It does this with sudo, so you need to have sudo
49access as root to perform this step.) Sudoshell then checks to see if
50it has been run with root privilege, via 'sudo sudoshell' or
51otherwise, or if it has been called with a -u parameter. If not, it
52reinvokes itself using sudo. The script then checks the user's SHELL
53environment variable. If the value of this variable doesn't match one
54of the shells listed in /etc/shells, sudoshell refuses to run. Next
55the logging FIFO is checked.  If it exists, sudoshell runs the script
56command using the FIFO as the typescript. If it doesn't exist,
57sudoshell exits
58
59SUDO AND SHELLS
60
61Most root tasks can be accomplished with sudo without running a shell.
62However certain tasks, such as running privileged commands in a pipeline,
63can be more difficult using sudo. Since sudo sometimes prompts for a
64password (depending on how long ago the user last authenticated) you can
65run into quirky situations like this:
66
67  hbo@egbok|509> sudo ls | sudo more
68  Password:Password:(enter password)
69  (enter password)
70  #sudoshell#
71  CVS
72  sudoscriptd
73  sudoscriptd~
74  sudoshell
75  sudoshell~
76  hbo@egbok|510>
77
78In this case we get two password prompts, right on top of one another. We enter
79the password for the first prompt, and sudo waits for the next one. Since
80the prompt is on the preceding line, this can be very confusing.
81
82Another place sudo has difficulty is with I/O redirection:
83
84  hbo@egbok|511 > ls -l /tmp/foo
85  -r--r--r--   1 root     other       1464 Mar 25 13:10 /tmp/foo
86  hbo@egbok|512 > sudo ls >>/tmp/foo
87  bash: /tmp/foo: Permission denied
88  hbo@egbok|513 > sudo ls | sudo cat >>/tmp/foo
89  bash: /tmp/foo: Permission denied
90
91But this works:
92
93  hbo@egbok|514 > sudo ls | sudo tee -a /tmp/foo >/dev/null
94
95It's not very intuitive, however.
96
97The problem occurs because the shell implements I/O redirection
98before it invokes the command, which is sudo, NOT ls.
99
100Globbing has problems for the same reason. But in this case, there's
101no good workaround, short of letting the user run a shell:
102
103  hbo@egbok|515 > mkdir fff
104  hbo@egbok|516 > chmod 700 fff
105  hbo@egbok|517 > touch fff/foo
106  hbo@egbok|518 > sudo chown root fff
107  Password:
108  hbo@egbok|519 > cd fff
109  bash: cd: fff: Permission denied
110  hbo@egbok|520 > sudo cd fff
111  sudo: cd: command not found
112  hbo@egbok|521 > sudo rm fff/*
113  rm: cannot remove `fff/*': No such file or directory
114
115The cd fails because cd is a bash built-in, and sudo doesn't know anything
116about it. The "globbing" fails because the shell tries to expand the
117wildcard before executing the command, which is sudo, not rm.
118
119A paper describing these difficulties and lots more is included in the
120distribution. On RPM based systems, it will show up in
121/usr/share/doc/${DIST}/ along with this file. The latest version
122is on the web at http://www.egbok.com/sudoscript/PORCMOLSULB.html.
123
124The latest version of the distribution is at http://www.egbok.com/sudoscript.
125You may contact the author, Howard Owen, at hbo@egbok.com
126
127