[COLUG] How Does Linux Security Work?
Brian Miller
bnmille at gmail.com
Thu Aug 2 20:15:20 EDT 2007
On Thursday 02 August 2007 10:01:57 am Mark Erbaugh wrote:
> On Wed, 2007-08-01 at 23:12 -0400, Brian Miller wrote:
> > Someone could presumably write a program that would capture your
> > password and then use it to elevate its privileges, but this program
> > would have to insert itself before you run sudo itself (as I recall,
> > sudo has some security to prevent this sort of thing, but I don't
> > remember any specifics).
>
> That's the kind of thing I was wondering about. I was wondering if
> there is an API that you just pass username and password to and get
> another user's privileges.
>
> Mark

I'm not a programmer, so I won't give you the "official answer". However,
there is a "drop privileges" function that a lot of programs use (apache,
postfix, sendmail, etc.). These programs have to start as root in order to
open a port under 1023, but once that port is open, the program drops to a
non-root user account for all other operations. You already have to be
running as root to be able to drop those privileges.

Both "su" and "sudo" allow a regular user to gain root privileges, so
presumably there is some sort of an API that allows what you're suggesting,
but both of these programs have to be set uid to root in order to function
(again, the program needs to have root permissions in order to change what
permissions you have).

If you just want to take someone's name and password to use that person's
privileges, just log on as that user, or use the "su" program.

If you really want all the gory details, you could look at the source code
for "su" and see what calls that program makes, since the whole purpose
of "su" is to assume the user ID and permissions of another user.