Security issue: `sudo xkeysnail` without a password allows for privilege escalation (and information leak) #861
Describe the bug

Kinto installs an insecure sudoers configuration in the limitedadmins file. This configuration permits executing `sudo xkeysnail` without requiring a password, and allows the use of arbitrary parameters for `xkeysnail`. These two facts grant the potential to create a root shell by constructing a specifically crafted Python configuration file.

Another potential misuse involves feeding sensitive files to `sudo xkeysnail` disguised as configuration files. This trickery can cause xkeysnail to inadvertently print the first line of the file, potentially exposing sensitive information.

Expected behavior

xkeysnail shouldn't be run with sudo insecurely.
Install Type: Bare Metal and VM
Distro: Kali Rolling
DE: Gnome, XFCE, KDE
Branch: master
Commit: any
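As an added example that is not part of this issue or of Kinto's code: a small sudoers audit that flags exactly the condition the report describes, a NOPASSWD rule whose command carries no argument restriction (in sudoers syntax a bare command path matches any arguments, while explicit arguments or `""` constrain them). The sample rules are constructed; the issue does not quote the real limitedadmins contents, and the path `/etc/xkeysnail/config.py` is an assumed, illustrative pinned argument.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample rules (not the real limitedadmins file). Line 2 is the
# pattern the issue describes; line 3 pins the argument to a fixed config path.
SAMPLE_SUDOERS = """# constructed example
%limitedadmins ALL=(root) NOPASSWD: /usr/bin/xkeysnail
%limitedadmins ALL=(root) NOPASSWD: /usr/bin/xkeysnail /etc/xkeysnail/config.py
alice ALL=(ALL) /usr/bin/apt
"""

@dataclass
class Finding:
    line_no: int
    user: str
    command: str
    reason: str

def command_risk(cmd: str) -> str | None:
    """sudoers semantics: a bare path matches ANY arguments; '""' means none."""
    parts = cmd.strip().split()
    if parts == ["ALL"]:
        return "ALL commands permitted"
    if len(parts) == 1:
        return "no argument restriction (any arguments accepted)"
    return None  # explicit arguments (or '""') constrain what may be run

def audit_sudoers(text: str) -> list[Finding]:
    findings: list[Finding] = []
    skip = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(skip) or "=" not in line:
            continue
        who, spec = line.split("=", 1)
        user = who.split()[0]  # user name or %group
        rest = re.match(r"\s*(\([^)]*\))?\s*(.*)", spec).group(2)  # drop (runas)
        nopasswd = False  # a tag persists for later commands in the same list
        for cmd in rest.split(","):
            cmd = cmd.strip()
            while ":" in cmd and cmd.split(":", 1)[0].strip().isupper():
                tag, cmd = (s.strip() for s in cmd.split(":", 1))
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag, nopasswd)
            reason = command_risk(cmd) if nopasswd else None
            if reason:
                findings.append(Finding(no, user, cmd, reason))
    return findings
```

Running `audit_sudoers(SAMPLE_SUDOERS)` reports only the bare `/usr/bin/xkeysnail` rule; the rule with a pinned argument and the password-protected apt rule pass.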