this post was submitted on 30 Sep 2024
830 points (97.6% liked)

linuxmemes

21596 readers
621 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
  •  

    Please report posts and comments that break these rules!


    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't fork-bomb your computer.

    founded 2 years ago
    MODERATORS
     
    you are viewing a single comment's thread
    view the rest of the comments
    [–] 0x4E4F@sh.itjust.works 1 points 2 months ago (1 children)

    If on a brand new rig, it's allowed.

    [–] LodeMike@lemmy.today 1 points 2 months ago (1 children)
    [–] 0x4E4F@sh.itjust.works 2 points 2 months ago* (last edited 2 months ago) (1 children)

    Oh, sorry, I misread programs as programmers 😁.

    And no, I don't think so. Credentials need to be cleared before exectution.

    [–] LodeMike@lemmy.today 1 points 2 months ago (1 children)

    Okay. So you must invoke sudo fr on the exact same shell? It cant be taken from a subsequent script?

    [–] 0x4E4F@sh.itjust.works 2 points 2 months ago* (last edited 2 months ago) (1 children)

    Credentials are inherited by every child process that the parent process invokes. Thus, if you give root credentials to a command, every subsequent command that the original one invokes will have root credentials.

    There are some exceptions, but these are special case scenarios and are literally only a few.

    [–] LodeMike@lemmy.today 1 points 2 months ago (1 children)

    That doesnt at all answer my concern but I'll interpret the answer as no it doesn't do that.

    [–] 0x4E4F@sh.itjust.works 2 points 2 months ago* (last edited 2 months ago) (1 children)

    Sorry (again 😂, this happens quite a lot with you, lol), it's early in the morning here, didn't have my coffee yet.

    If the question is can privileges be escalate later on while a command or a script is executing, the answer is yes. You can also deescalate them once the root creds stuff is done executing. You just have to make it clear in the script or the command that "you do this with root creds, but then you continue with user creds".

    The point I was trying to make with my previous comment was that, if a process (command, script, whatever) is ran with root privileges, every program, command, script it invokes later on is ran with root privileges, unless it's specifically noted to run this or that part with some other privileges.

    [–] LodeMike@lemmy.today 1 points 2 months ago* (last edited 2 months ago) (1 children)

    That also does not answer my question. I must've said it wrong.

    I was wondering "if I run a single command with sudo, and the timeout to when I would have to enter my password again for another sudo is aay 5 minutes, and I run another command without sudo within those five minutes inside that same shell, would that command be able to maliciously elevate itself using sudo?"

    [–] 0x4E4F@sh.itjust.works 2 points 2 months ago (1 children)

    If by maliciously you mean a virus might take advantage of the system in those 5 minute, the answer is, yes, it is possible... not likely, but possible.

    If the question was, can the shell by itself escalate a command that does not have sudo in front of the command, the answer is no. If it did that, than there are some serious bugs in the code... or some malicious code planted in it. By definition, it's not supposed to do what you don't tell it to do.

    [–] LodeMike@lemmy.today 2 points 2 months ago (1 children)

    This is exactly the answer I was wanting. Thank you.

    [–] 0x4E4F@sh.itjust.works 2 points 2 months ago