Use of sudo is overly broad

Description

Currently, when running with a RAM disk (e.g. /mnt/ramdisk), the run-as user needs sufficient permissions to do a password-less sudo. While using sudo for privileged operations is not unexpected, the way it is done currently is overly broad and creates a potential security flaw. For example, the mount script currently does a sudo bash in order to invoke a function which carries out the mounting operation:

sudo bash -O extglob -c "mount_ramfs_linux"

This essentially gives the run-as user a privileged shell, which prevents granting the run-as user limited sudo privileges, e.g.

alluxio ALL = NOPASSWD: /usr/bin/mount /mnt/ramdisk, /usr/bin/umount /mnt/ramdisk, /usr/bin/chmod /mnt/ramdisk

which should be sufficient for the mount script to mount the RAM disk. Instead you are forced either to create a privileged user account or to grant the account the ability to sudo bash. So you have to create an account that has the ability to do privilege escalation, because if it can sudo bash it can get a privileged shell and do whatever it wants.
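A least-privilege version of that mount step, as an added example rather than the project's own script: every privileged action is one exact sudo command, so a narrow sudoers rule like the one above can be granted instead of sudo bash. It assumes the mount options live in /etc/fstab (sudoers matches the full argument list, so "mount /mnt/ramdisk" must be the exact command) and a SUDO variable that can be overridden for a dry run.

```shell
#!/bin/sh
# Hypothetical least-privilege replacement for the "sudo bash -c mount_ramfs_linux"
# step (added example, not the Alluxio mount script).
# Assumed: /etc/fstab carries the ramfs entry for RAMDISK_PATH, so plain
# "mount /mnt/ramdisk" works and matches a sudoers rule with that exact argument.
# Note that sudoers compares arguments exactly, so the chmod rule must be
# written as "/usr/bin/chmod a+w /mnt/ramdisk" for the chmod step below.
RAMDISK_PATH="${RAMDISK_PATH:-/mnt/ramdisk}"
SUDO="${SUDO:-sudo -n}"   # -n: fail instead of prompting when no rule allows the command

# Refuse paths that could smuggle extra arguments or metacharacters into sudo.
validate_ramdisk_path() {
  case "$1" in
    /*) ;;                              # must be absolute
    *) return 1 ;;
  esac
  case "$1" in
    *[!A-Za-z0-9/_.-]*) return 1 ;;     # no spaces, ';', '$', etc.
  esac
  return 0
}

# Mount and open the RAM disk with two exact commands; no root shell is spawned.
mount_ramdisk_least_priv() {
  validate_ramdisk_path "$RAMDISK_PATH" || return 2
  $SUDO /usr/bin/mount "$RAMDISK_PATH" || return 1
  $SUDO /usr/bin/chmod a+w "$RAMDISK_PATH" || return 1
}

umount_ramdisk_least_priv() {
  validate_ramdisk_path "$RAMDISK_PATH" || return 2
  $SUDO /usr/bin/umount "$RAMDISK_PATH"
}
```

Calling mount_ramdisk_least_priv from the mount script in place of the sudo bash line keeps the run-as user's sudo rights limited to those three commands; SUDO=echo shows the exact commands that would be run.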

Environment

None

Status

Assignee

Bin Fan

Reporter

Rob Vesse

Labels

Components

Affects versions

1.3.0

Priority

Critical