Why "sudo" allow so many privilege escalation

JohnHancock

New Member
Joined
Jan 18, 2021
Messages
2
Reaction score
0
Credits
29
Hello,



I'm pretty new to the Linux world and I'm discovering a little bit about security.

I wonder, while reading this: https://gtfobins.github.io/, why many basic commands (find, man, etc.), if they are allowed with sudo, allow a simple user to get a shell as root?



For example, in my attached file, all these commands allow, if the user has access via sudo, to gain root access to the shell ? Is it normal that this exists and that it is so simple?



Thank you
 

Attachments

  • Failles shell.png
    Failles shell.png
    50 KB · Views: 364
  • Shell2.png
    Shell2.png
    14.1 KB · Views: 314
  • 2021-01-21 21_10_00-Jerome-esxi.home - VMware ESXi – Brave.png
    2021-01-21 21_10_00-Jerome-esxi.home - VMware ESXi – Brave.png
    10.8 KB · Views: 300


Greetings @JohnHancock
Welcome to the Forum!
Are you coming to Linux from Windows by any chance? Most are overly concerned about security.
Most ex-Windows users are amazed at the freedom that Linux users have. Yes, and that even includes the freedom to screw up your computer if you want to take unnecessary chances - like trying stuff without learning about it first.
I have been using Linux for about 4-5 years now and have never had a virus. In addition to that I have not used any virus protection programs since leaving the Windows computer kindergarten. There are several others on this forum who feel the same about the security issue.
I checked out the link you put up and found it to be of a negative nature.
As you will find out, when you have used Linux for awhile, you will see the value of being able to use sudo to access the root privileges to do certain things on your system. (BTW you don't need sudo to use the 'man' and 'find' commands in the terminal. Many others require its' use.)
So, in answer to your question - is this normal to be able to use 'sudo' - yes, of course it is. That's the beauty of Linux. Open source is very transparent so anyone can learn to use any part of the computer they want without interference from some group or company telling them they can't (closed source aka Microsoft, Apple).
John, do yourself a favor and download a free copy of Linux Mint either from their website or from Distrowatch, burn the iso on a memory stick or flash drive, give it a test drive on your computer before installing it.
I have found Linux Mint to be the easiest distro to transition to from Windows. The latest edition in LM 20.1.
I don't think you will be disappointed if you do.
Once again, welcome to a very friendly and knowledgeable Linux forum.
Old Geezer Tango Charlie
BTW I turned 86 a few months ago and am very happy with being able to use 'Sudo' when I need to.
 

Members online


Latest posts

Top