Security issue: `sudo xkeysnail` without a password allows for privilege escalation (and information leak)
dguerri opened this issue · 1 comments
Describe the bug
Kinto installs an insecure sudoers configuration in limitedadmins file. This configuration permits executing `sudo xkeysnail` without requiring a password, and allows the use of arbitrary parameters for `xkeysnail`. These two facts grant the potential to create a root shell by constructing a specifically crafted Python configuration file.
Another potential misuse involves feeding sensitive files to `sudo xkeysnail` disguised as configuration files. This trickery can cause xkeysnail to inadvertently print the first line of the file, potentially exposing sensitive information.
Expected behavior
xkeysnail shouldn't be run with sudo insecurely.
Install Type: Bare Metal and VM
Distro: Kali Rolling
DE: Gnome, XFCE, KDE
Branch: master
Commit: any
Moreover, depending on the umask of the system, `limitedadmins` installation code could make `limitedadmins` world-readable, which is dangerous.
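An audit sketch for the two conditions reported above, added here as an example and not part of the original issue or of Kinto's code: it flags `NOPASSWD` sudoers commands that accept arbitrary or wildcard arguments, and sudoers files with loose permissions. The sample rules, paths and function names are constructed for illustration and are not the exact lines Kinto installs.

```python
import os
import re
import stat

# Constructed sample of a sudoers drop-in; NOT the exact file Kinto installs.
SAMPLE = """\
# constructed example rules
%limitedadmins ALL=(root) NOPASSWD: /usr/local/bin/xkeysnail
%limitedadmins ALL=(root) NOPASSWD: /usr/local/bin/xkeysnail /etc/xkeysnail/config.py
%limitedadmins ALL=(root) NOPASSWD: /usr/bin/pkill -f bin/xkeysnail *
"""

# user/group, host list, optional (runas), then the command list
RULE = re.compile(r"^\S+\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")

def audit_rules(text):
    """Return (line_no, command, reason) for each risky NOPASSWD command."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        m = RULE.match(line)
        if not m or line.startswith(("#", "Defaults")) or "_Alias" in line:
            continue
        nopasswd = False
        for spec in m.group("cmds").split(","):
            spec = spec.strip()
            # A tag such as NOPASSWD: stays in effect until PASSWD: reverses it.
            while (tag := re.match(r"([A-Z_]+):\s*", spec)):
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag.group(1), nopasswd)
                spec = spec[tag.end():]
            path, _, args = spec.partition(" ")
            if not nopasswd:
                continue
            if not args.strip():
                # In sudoers, a bare path permits any command-line arguments.
                findings.append((no, path, "any arguments allowed"))
            elif "*" in args:
                findings.append((no, path, "wildcard in arguments"))
    return findings

def audit_mode(path):
    """Flag a sudoers file that is group-writable or accessible to others."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [f"{path}: mode {mode:04o} is too permissive"] if mode & 0o027 else []

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE):
        print(finding)
```

Run `audit_rules` over the contents of each file under `/etc/sudoers.d/` and `audit_mode` over its path; aliases and `#include` directives are skipped rather than expanded.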