1-setup-linux-native.sh should not run sudo interactively #3270

Open
marnanel opened this issue Nov 16, 2023 · 2 comments

marnanel commented Nov 16, 2023

Describe the bug
At present, 1-setup-linux-native.sh invokes sudo or su to run the package manager as root. Thus if you run the script as a peon user, and you haven't recently run sudo, you will be prompted for your shell password, or root's shell password, before returning to the shell prompt.

This incurs a small security risk, because the developer is expecting to have to type the password. Patches introduced downstream are able to mimic sudo or su's user interface, run the real sudo with the information, and do something nefarious with it behind the scenes.

Instead, at least for the sudo cases, it would be better to use sudo's -n switch. This exits with $?==1 if the user would have had to type a password. Otherwise, it runs the command as normal. If $?==1, the script should prompt the user to run some sort of no-op command with sudo, and then run the script again.

To Reproduce

$ ./1-setup-linux-native.sh 
Detecting Linux OS...
ID_LIKE=debian
VERSION_ID=12
Checking dependencies...
Running apt-get (root privileges are needed)...

[sudo] password for marnanel:

Expected behavior

$ ./1-setup-linux-native.sh 
Detecting Linux OS...
ID_LIKE=debian
VERSION_ID=12
Checking dependencies...
Running apt-get (root privileges are needed)...
Please execute "sudo whoami", then run this script again.

System information:

  • OS: Debian
  • OS version: 12.2
  • Commit ID: 69f4ea7
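
The `sudo -n` behaviour proposed in this issue, sketched as an added example (not code from the project's script or from any commenter). `SUDO_BIN` and the function names are hypothetical, and the `su` code paths are not covered. The probe runs separately because `sudo -n` exiting with 1 cannot be told apart from the wrapped command itself exiting with 1.

```sh
#!/bin/sh
# Added example: never let the setup script display a password prompt.
# SUDO_BIN is a hypothetical override so the logic can be exercised with a stub.
SUDO_BIN="${SUDO_BIN:-sudo}"

# Return 0 if sudo can run a command right now without asking for a password.
can_sudo_without_prompt() {
    # -n (non-interactive): sudo exits non-zero instead of prompting.
    "$SUDO_BIN" -n true 2>/dev/null
}

# Run "$@" as root without ever prompting.
# Returns 2 if the user must authenticate first; otherwise the command's status.
run_as_root() {
    if ! can_sudo_without_prompt; then
        # Any prompt the user sees must come from a sudo they typed themselves.
        echo 'Please execute "sudo whoami", then run this script again.' >&2
        return 2
    fi
    # Keep -n here too, in case the cached credentials expired after the probe.
    "$SUDO_BIN" -n "$@"
}

# Intended use inside a setup script (left as a comment so nothing runs here):
#   run_as_root apt-get update || exit $?
```

A successful probe only shows that cached or password-less credentials exist; the later command can still be refused by the sudoers policy, in which case `sudo -n` fails without prompting.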

@marnanel (Author)

A friend suggests that the script could just print the command for the user to run, rather than actually running it.

ice0 (Collaborator) commented Nov 20, 2023

Hi, Marnanel!

> This incurs a small security risk, because the developer is expecting to have to type the password. Patches introduced downstream are able to mimic sudo or su's user interface, run the real sudo with the information, and do something nefarious with it behind the scenes.

Can you describe this scenario in more detail? Maybe step-by-step explanation?

> A friend suggests that the script could just print the command for the user to run, rather than actually running it.

We thought about it.
This script is mainly intended for newbies/lazy users of and CI builds, so we are trying to remove unnecessary complexity here.
For security-conscious users/maintainers, it is better to describe the required packages and allow the user to install them manually.
Maybe we should add the requirements to the readme/install file or something like that. If you know good recommendations on how to do this better, it will be appreciated.
