Root access through sudo screen - Debian 359


#1

Hello,

I don’t know if this bug is related to screen or maybe another, but in my system I did so:

I opened

sudo screen /dev/ttyMSM0

then Ctl-C and Ctl-A a couple of times or so, and I had a nice root shell sayng “hello do whatever you want” …

Is this a known bug ???
Regards,
Simon


#2

I am certainly not a Linux security expert, but the moment you typed sudo you already had root permissions. I suspect the Ctrl-C/Ctrl-A just caused screen (which was already running as root) to open a shell with the root permissions you had already given to screen.

Try doing the same thing without the sudo, do you still get a root shell?

Full disclosure: I am an employee of Qualcomm Canada, any opinions I have expressed in this or any other post may not reflect the opinions of my employer.


#3

Without sudo screen opens another shell, no root.
But this is of course non desirable behavior.

sudo shouldn’t allow you have root user access.
In fact sudo is configurable via sudoers file.


#4

Hi @simozz

This is expected behavior. sudo is supposed to give you root user access. Here is what the man page says about sudo

DESCRIPTION
sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy.

you can change the /etc/sudoers file and disable your ability to run sudo if you don’t want root access.

It’s not a bug, it’s a feature.

Full disclosure: I am an employee of Qualcomm Canada, any opinions I have expressed in this or any other post may not reflect the opinions of my employer.


#5

OK, that’s my bad.
Sorry so…