klange / toaruos

A completely-from-scratch hobby operating system: bootloader, kernel, drivers, C library, and userspace including a composited graphical UI, dynamic linker, syntax-highlighting text editor, network stack, etc.
https://toaruos.org/
University of Illinois/NCSA Open Source License

Compromised user passwords. #252

Closed Doczom closed 2 years ago

Doczom commented 2 years ago

From turbocat2001:

With "strace sudo" all user passwords can be compromised. To do this, you need to patch strace by increasing the output for the "read" syscall.

klange commented 2 years ago

This misses the actual issue which is that a ptrace'd process that execs a SUID binary should not actually SUID.

klange commented 2 years ago

There are many situations the SUID handling doesn't catch that it should - ToaruOS is not secure and the entire infrastructure behind sudo is a toy, a facsimile of the real deal.

Anyway, fixed in 5f643d703478a5f36a1c00ef1171d1b0429537c5 and sudo will report when it didn't get an effective uid of 0 as of 2391009167255fe2b289a72508ee532927ea0ca8
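The two behaviours discussed above (exec ignoring the SUID bit for a ptrace'd process, and a sudo-like program reporting when its effective uid is not 0), sketched as an added example that is not part of the thread and is not ToaruOS's code. The structures, function names, the uid 1000 and the non-zero exit status are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>   /* S_ISUID */
#include <sys/types.h>  /* uid_t, mode_t */

/* Hypothetical model of what exec() consults; not ToaruOS's kernel structures. */
struct proc_model { uid_t euid; bool traced; };
struct file_model { mode_t mode; uid_t owner; };

/* Effective uid the new program image runs with. */
uid_t exec_effective_uid(const struct proc_model *p, const struct file_model *f)
{
    if (!(f->mode & S_ISUID))
        return p->euid;      /* ordinary binary: credentials unchanged */
    if (p->traced)
        return p->euid;      /* tracer sees syscall buffers: ignore the SUID bit */
    return f->owner;         /* normal SUID transition */
}

/* Startup check for a sudo-like program: report when it did not get euid 0. */
int require_root(uid_t euid)
{
    if (euid != 0) {
        fprintf(stderr, "sudo: effective uid is %lu, not 0\n", (unsigned long)euid);
        return 1;            /* assumed behaviour: stop before prompting */
    }
    return 0;
}

/* Exit status of the modelled sudo when run by caller_uid, traced or not. */
int modelled_sudo_status(uid_t caller_uid, bool traced)
{
    struct proc_model caller = { .euid = caller_uid, .traced = traced };
    /* Constructed sample: a root-owned binary with the SUID bit set. */
    struct file_model sudo_bin = { .mode = S_ISUID | 0755, .owner = 0 };
    return require_root(exec_effective_uid(&caller, &sudo_bin));
}

int main(void)
{
    printf("untraced: %d\n", modelled_sudo_status(1000, false));
    printf("traced:   %d\n", modelled_sudo_status(1000, true));
    return 0;
}
```

With the exec-time rule in place, the traced run never holds root while it reads the password, and the startup check makes the dropped privilege visible instead of silent.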

klange commented 2 years ago

@turbocat2001 You're unblocked, file your own bug reports.