Bug 191148 - CAN-2004-1051 bash scripts run via Sudo can be subverted
Summary: CAN-2004-1051 bash scripts run via Sudo can be subverted
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: sudo
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact: Ben Levenson
URL: http://www.sudo.ws/sudo/alerts/bash_f...
Whiteboard: impact=low,public=20041111
Depends On:
TreeView+ depends on / blocked
Reported: 2006-05-09 08:40 UTC by Bastien Nocera
Modified: 2007-11-30 22:07 UTC (History)
2 users (show)

Clone Of:
Last Closed: 2006-07-28 07:08:52 UTC

Attachments (Terms of Use)

Description Bastien Nocera 2006-05-09 08:40:46 UTC
+++ This bug was initially created as a clone of Bug #139478 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041020

Description of problem:
Please see the URL:
to see proper description.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
To reproduce please follow the description in the "Details:" part of
the page.

Additional info:
Note that this issue can be easily fixed by upgrading sudo to 1.6.8p2.

-- Additional comment from bressers@redhat.com on 2004-11-16 08:44 EST --
This issue is not a proper fix, nor should it pose a security issue
for users of sudo.

The fundamental purpose behind sudo is to give trusted users the
ability to perform certain actions as root, without actually having
the root password.  There are countless other ways to trick sudo into
doing things it shouldn't be (hence the word "trusted").  This fix
represents a false sense of security and should be considered
incomplete at best.

If an administrator is worried about untrusted users altering the
environment, they should be setting the env_reset variable in the
sudoers file.  This will clean the whole environment, not just worry
about some aliases being set.  There are a number of other environment
variables that a user can alter to cause a script to have undesired

The real solution to this issue is to set the env_reset variable by
default in the installed /etc/sudoers file, and let an administrator
unset it if they so desire.

We should also leverage the features of selinux to further limit the
reach of sudo in order to keep a target system protected.

One of the proposed fixes was to have the "env_reset" config option in the
sudoers file. The sudo packages should be modified to make this option there by

Note You need to log in before you can comment on or make changes to this bug.