KinKiac
January 20th, 2010, 02:51 AM
OK, so I ran into this a while ago and I have no clue if this was a known issue and/or if it works in newer versions of Ubuntu or not, but here is the situation:
At my work (I work in a small IT dept) we have a few Ubuntu boxes that are set up as terminals for employees to view a limited number of websites including our insurance info, corporate website, etc., etc. The boxes run Ubuntu Hardy server edition, but have the XFCE desktop environment installed. I won't go into the details of how they are configured; I didn't set them up and really don't know all of the restrictions that have been added to them. All I know is that everything is locked down. There is a password just to get into a terminal, and there is a separate root password. As well, most if not all keyboard shortcuts are disabled. USB and floppy drives are disabled. Basically they are set up so that they can access only a handful of sites, and so that you can't get to a terminal or to the desktop even, without the password (someone has figured out how to hack it, other than me, but I won't get into that).
So, one day I'm out making a change on one of the terminals, and just for s&g I decided to see if "I" could hack it, using a thumb drive installation. I have a 16gig thumb drive with a full installation on it (9.04), none of this persistent live CD crap. lol. (I know it will wear out at some point but it's got a lifetime warranty with the manufacturer and the retailer will replace it for free within 3 years.) Anyway, I booted to my thumb drive, BIOS was not locked down, cool. I could get to my desktop, had all my files and really could use the PC to do whatever I wanted for the most part (didn't have network access without a valid user ID and pass, but whatever). I then mounted the other filesystem's HDD by clicking on it in the Places menu (I love my GUIs and I'm a noob, lol :P). After mounting it I ran "sudo nautilus" from a terminal and entered MY sudo password. After doing so I could open ANY file on the HDD and make changes as if I was root, even though I didn't actually have root access on the filesystem I was accessing. Just as a test I edited the menu.lst file to show GRUB at startup and also re-enabled USB support by editing the server.conf file. I then rebooted and sure enough, the GRUB menu came up and it recognized my USB drive when I inserted it after the desktop and everything came up.
Soooo, basically by using another installation's sudo password, I was able to access another totally different filesystem, as if I had root privileges.
Anyone else out there know of this? Anyone know if this has been corrected in newer versions or was anyone even aware of this? I'm just curious as our network guy had no clue about this until I told him and he's pretty good with Linux.