[Alpine-info] Possible security vulnerability?
john.carter at tait.co.nz
Tue May 20 13:47:42 PDT 2008
On Tue, 20 May 2008, Matt Ackeret wrote:
> On Tue, 20 May 2008, John Carter wrote:
>> Note 6. An effective way of exploring these issues is to use strace to
>> intercept system calls. Except you have to be able to follow through
>> fork/exec pairs. Thus you need to sudo it. This unfortunately loses
>> you ~/.pinerc settings. However, my cunning double sudo seems to
> can't you just
> sudo strace alpine -p ~myuser/.pinerc
> (obviously I'm leaving out some of the arguments, but you get the idea,
> just point it at the user directly.. Then I think you're getting
> alpine run as the real user, maybe not.)
The way I read that is...
* It won't follow fork/exec's you need -f for that.
* It will run alpine as root, and if it creates / mucks with any
files (which it does) they may well be owned by root. Which may
cause interesting new and different issues for you later.
* There may be other aspects of alpine's behaviour, apart from where
it gets it's .pinerc, that differs if you are a different and more
* I use this trick for exploring security issues. ie. I'm already
feeling a bit paranoid. Exploring such issues _and_ giving the
suspect tool root privilege makes me very nervous.
So I think I'll stick with the double sudo.
sudo strace -v -f -o tlog -s 1024 sudo -u MYUSERNAME -H alpine
John Carter Phone : (64)(3) 358 6639
Tait Electronics Fax : (64)(3) 359 4632
PO Box 1645 Christchurch Email : john.carter at tait.co.nz
More information about the Alpine-info