Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support su for root privilege escalation #44

Closed
E-M opened this issue Apr 27, 2016 · 4 comments
Closed

Support su for root privilege escalation #44

E-M opened this issue Apr 27, 2016 · 4 comments
Assignees
@sadayuki-matsuno

Comments

@E-M
Copy link

E-M commented Apr 27, 2016

Is sudo the only option for root privilege escalation? We don't use sudo (we cannot even run it), we use other method (similar to su) and because sudo is hardcoded vuls scan fails.
@kotakanbe
Copy link
Member

Hi, @E-M
Please tell me the details of your method for root privilege escalation.
Thanks.

@E-M
Copy link
Author

E-M commented Apr 27, 2016

Basically it is just like su, you run command like:
su -c "some_command"

The problem is not that you don't support su or other method, the problem is that you have hardcoded sudo.

@sadayuki-matsuno
Copy link
Collaborator

@E-M
Sorry for being late.
I have a question.
Are you okey if you use su method(instead of sudo) without password?

@sadayuki-matsuno sadayuki-matsuno mentioned this issue Jun 9, 2016
Closed
@kotakanbe kotakanbe changed the title hardcoded sudo, why? Support su for root privilege escalation Jun 30, 2016
@kotakanbe
Copy link
Member

--ask-sudo-password was deleted for security reasons.
Because plain sudo password have to be passed via pipe in shell.
The same can be said about su.

So, Vuls supports sudo + NOPASSWD in /etc/sudoers on the target server for now. ( see /~https://github.com/future-architect/vuls#usage-configtest section)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sadayuki-matsuno sadayuki-matsuno

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rkyymmt @kotakanbe @E-M @sadayuki-matsuno