author: intrigeri <intrigeri@boum.org>, 2017-03-03 12:55:02 +0000
committer: intrigeri <intrigeri@boum.org>, 2017-03-03 12:59:56 +0000
commit: 67bfe13b2a019fa6d4d47c7232bc12da5a7a7a44 (patch)
tree: dee2cbab39fde1a149a576222ff17add7198772a
parent: d21e11aece4ec320c2ea6a5cdcd7a43f868ee2c6 (diff)
Allow the tails-install-iuk user to run "/usr/bin/nocache /bin/cp *" as root (refs: #8449).
-rw-r--r--  config/chroot_local-includes/etc/sudoers.d/zzz_upgrade  2
-rw-r--r--  wiki/src/contribute/design/incremental_upgrades.mdwn  6
2 files changed, 4 insertions, 4 deletions
diff --git a/config/chroot_local-includes/etc/sudoers.d/zzz_upgrade b/config/chroot_local-includes/etc/sudoers.d/zzz_upgrade
index ac29a44..4cc0618 100644
--- a/config/chroot_local-includes/etc/sudoers.d/zzz_upgrade
+++ b/config/chroot_local-includes/etc/sudoers.d/zzz_upgrade
@@ -1,4 +1,4 @@
-Cmnd_Alias INSTALL_IUK = /bin/chmod, /bin/cp, /bin/dd, /bin/mkdir, /bin/mktemp, /bin/mount, /bin/rm, /bin/tar, /lib/live/mount/medium/utils/linux/syslinux
+Cmnd_Alias INSTALL_IUK = /bin/chmod, /bin/dd, /bin/mkdir, /bin/mktemp, /bin/mount, /bin/rm, /bin/tar, /lib/live/mount/medium/utils/linux/syslinux, /usr/bin/nocache /bin/cp *
Cmnd_Alias IUK_GET_TARGET_FILE = /usr/bin/tails-iuk-get-target-file
Cmnd_Alias UPGRADE_FRONTEND = /usr/bin/tails-upgrade-frontend ""
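Review bot: In the new `INSTALL_IUK` line, the trailing `*` in `/usr/bin/nocache /bin/cp *` does not narrow anything: sudoers matches command-line arguments as a single concatenated string, so the wildcard matches across word boundaries and accepts any options, source and destination. The entry is therefore as permissive as the bare `/bin/cp` it replaces, and the alias still lists `/bin/dd`, `/bin/rm`, `/bin/tar` and `/bin/mount` with no argument limits. If that is intended, add a `#` comment above the alias saying so and why `cp` has to go through `nocache`; if the upgrade code only ever copies to known locations, spell those paths out instead of `*`. Also, with bare `/bin/cp` gone from the alias, any caller that still runs `sudo cp` directly will now be denied, and neither of the 2 files changed here is a caller, so confirm those were updated in a companion commit.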
diff --git a/wiki/src/contribute/design/incremental_upgrades.mdwn b/wiki/src/contribute/design/incremental_upgrades.mdwn
index faaf241..e1e7ee2 100644
--- a/wiki/src/contribute/design/incremental_upgrades.mdwn
+++ b/wiki/src/contribute/design/incremental_upgrades.mdwn
@@ -717,9 +717,9 @@ user, who itself:
passwordless sudo, as the `tails-iuk-get-target-file` user.
The `tails-install-iuk` user is allowed to run, using passwordless
-sudo, every command required by its task (currently: `chmod`, `cp`,
-`dd`, `mkdir`, `mktemp`, `mount`, `rm`, `tar` and
-`/lib/live/mount/medium/utils/linux/syslinux`) with any arguments.
+sudo, every command required by its task with any arguments.
+This includes e.g. `cp` so for all practical security purposes,
+it can effectively escalate to arbitrary code execution as root.
It is a member of the `tails-iuk-get-target-file` group, which allows it to
read the files downloaded by the `tails-iuk-get-target-file` program.
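Review bot: The rewritten paragraph drops the command list, so the design document no longer says which commands `tails-install-iuk` may run, and the one it still names, `cp`, is now only permitted in the form `/usr/bin/nocache /bin/cp *`. Suggest pointing readers at `config/chroot_local-includes/etc/sudoers.d/zzz_upgrade` as the authoritative list and naming the `nocache` wrapper, so the text and the sudoers file cannot drift apart again. Minor wording: "This includes e.g. `cp` so" needs a comma before "so", and "can effectively escalate" would read more precisely if it named what escalates (the `tails-install-iuk` user).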