RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-28 00:57:44 +00:00
Code Issues Activity Actions

Userland: Check sudoers file perms and owner in pls

Browse source 
As per comment found in #6319 by @bcoles, `pls` should check the
permissions and owner of the sudoers file to ensure that it hasn't
been compromised.
This commit is contained in:
Jesse Buhagiar 2021-04-17 00:55:05 +10:00 committed by Ali Mohammad Pur
parent 82b48d867d
commit d44e2c9ad9
5 changed files with 99 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Documentation/BuildInstructions.md
View file

@ -230,8 +230,8 @@ $ ninja run
Note that the `anon` user is able to become `root` without password by default, as a development convenience.
To prevent this, remove `anon` from the `wheel` group and he will no longer be able to run `/bin/su`.
`anon` is also, by default, located in `/etc/sudoers`, meaning that they will be able to execute with root permission using `pls`.
To prevent this, remove them from `/etc/sudoers`.
`anon` is also, by default, located in `/etc/plsusers`, meaning that they will be able to execute with root permission using `pls`.
To prevent this, remove them from `/etc/plsusers`.
On Linux, QEMU is significantly faster if it's able to use KVM. The run script will automatically enable KVM if `/dev/kvm` exists and is readable+writable by the current user.