-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Create shutdown.md #419
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create shutdown.md #419
Conversation
nice
This makes no sense: PATH does not propagate through sudo.
sudo specifically has the directive secure_path which sets the PATH variable when you use sudo. On Ubuntu 2204, it's set by default to:
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
An administrator would have to specifically set secure_path to include /tmp, which there would never been a reason to do that.
Looking at the other notes from this website like https://exploit-notes.hdks.org/exploit/linux/privilege-escalation/sudo/sudo-reboot-privilege-escalation/, the situations here are completely unbelievable.
ref : https://exploit-notes.hdks.org/exploit/linux/privilege-escalation/sudo/sudo-shutdown-poweroff-privilege-escalation/
if user hash sudo shutdown privilege , we can use this command get root shell