Trying to elevate rsync privileges when connecting over ssh without using NOPASSWD in sudoers

Dr. Mark Asbach mark.asbach at pixolus.de
Sat Mar 12 23:57:42 UTC 2022 

Hi there,

Thanks for your feedback!

> Bear in mind, putting a password in an environment variable can be seen by other users on the same system with "ps auxwwe".


Sure. But in my scenario, the control host is considered a „safe“ developer machine, while the target host is considered the „unsafe“ environment. I use this command on my laptop to deploy to lots of cloud machines – there’s noone other than me on my laptop (hopefully ;-)), but instead, I’d like to keep the target machine configurations as secure as possible (no passwordless sudo, no root login).

> The environment variables of a process when it was started are available via /proc/<pid>/environ file. So while other users on that system can't see the environ, every other process running as your target user could.
> 
> Worse, however, your "echo" process puts the password in arguments, and any local user can see program name and args for all running processes. That's a no-no.

Hm, I’m not sure I understand the implications. The whole password handling happens on the machine where I execute rsync (it’s done in "--rsh" not in "--rsync-path“) – which in my scenario is a developer’s laptop. So it’s not the target users that can see the environment but only my own account on my own developer machine.

Plus, I don’t understand what you mean with „putting the password in arguments“. The environment variable expansion happens on my control machine exactly at the time when rsync tries to establish a connection to the target machine by running the shell code from --rsh inside a shell. This will create a subshell for echo and cat where the environment variable is read and written to stdout. stdout is then piped through ssh to the remote machine where "sudo -S" reads it on its stdin. It is never in any argument list.

Please correct me if I’m wrong here.

Best,
Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4652 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/rsync/attachments/20220313/b25c9d80/smime.bin>

More information about the rsync mailing list