1

If my user account is a NOPASSWD sudoer, does that mean any program I run can effectively gain root access by using sudo?

I noticed the default user on Raspbian is a NOPASSWD sudoer, and so I've been using the same sudo permissions for my own account. I've been looking into running rtorrent on this system, which by default is meant to be run interactively and used with tmux or the like. It is my understanding that it is a good idea to take extra precautions when running a program that allows incoming connections. This is why it is typically recommended to run a server daemon as its own user. This led me to the more general question above of whether running any program as a NOPASSWD sudoer in effect gives a malicious or vulnerable program root access even if I ran the program normally, without sudo?

Improve this question

1 Answer 1

Reset to default
6

The answer to your question is "it depends". If you have NOPASSWD access through sudo to run any command, then any program or script could potentially escalate itself to superuser access through a simple system call.

If your sudoers configuration is more sane, allowing NOPASSWD access to only a specific list of commands that are expected to be run as batch jobs (or otherwise frequently enough to make NOPASSWD arguably prudent), then attempting to sudo other commands will still balk without a password.

Improve this answer
4
  • 1
    In the first case, is it correct to say then that any malicious program or vulnerable program run by the user has the ability to not only execute malicious code as that user, but also execute malicious code as root by simply calling sudo? Commented Jan 6, 2017 at 18:27
  • 1
    That is absolutely correct. Commented Jan 6, 2017 at 18:32
  • Is it fair to say then that, from a general security standpoint, it is a bad idea to use a NOPASSWD sudoer account to run programs not known to be 100% safe (so basically any programs), especially if they accept incoming connections, such as the torrent client or server mentioned in the second paragraph of my question? Commented Jan 6, 2017 at 18:46
  • 2
    Generally speaking, you only want to use highly specific things with NOPASSWD (for example, a web hosting role user might have '/usr/sbin/service httpd restart' and '/usr/sbin/service httpd reload', but not 'service httpd' or 'service'); if you have an account with NOPASSWD access to anything, than everything that is run by that user may as well be effectively considered to already be running as root. More succinctly, no, I would not suggest running rtorrent, aria2c, or any other torrent program in such an environment. Commented Jan 6, 2017 at 18:53

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.