Thread: [ANNOUNCE] Rootsh - Another way of getting root.
View Single Post
qwerty12's Avatar
qwerty12 is offline qwerty12
2008-07-16 , 16:40
Posts: 4,274 | Thanked: 5,358 times | Joined on Sep 2007 @ Looking at y'all and sighing
#5
Originally Posted by anpaza View Post
Also it would be better to run /bin/sh and /bin/bash with the -l option (login). This will load ~/.profile for the user account and possibly other stuff to set up the shell for root.
sudo gainroot is used how nokia intended it to be used . If I introduce changes, it may break scripts that depend on sudo gainroot (kernel_flasher, lardman's sbcenc's install script etc).

running "root" however uses su and that will spawn a root shell that does load /root/.profile etc. su naturally uses the shell specified in /etc/passwd.

Originally Posted by anpaza View Post
One small note: maybe it would make sense by default to run /bin/bash instead of /bin/sh if it exists. I think if somebody installed bash, then it prefers bash over the default shell.
I think that rootsh does try run /bin/bash first before running sh, from what I can tell from the source anyway. But I'm not a programmer so I may be wrong .

Originally Posted by anpaza View Post
By the way, wouldn't it be easier to just install a file under /etc/sudoers.d/ with something like:

user ALL = NOPASSWD: ALL

? Then you can sudo any command. Or even with user's password (if removing NOPASSWD, just like in Ubuntu.
I thought about that but I was unsure whether it was wise to include it. After all, a lot of stuff uses sudo and I don't want to try and create any security problems . Although you could argue rootsh (the program) does do that :/

Thanks for the suggestions though, much appreciated.