Implementation PR
No response
Reference Issues
No response
Summary
Add run_as to facilitate changing the role of a user as part of a step.
Basic Example
...
steps:
  - name: setup-privileges
    edit_file: /usr/bin/vim.old
    backup_file: /usr/bin/vim
    edits:
      - description: "Set SUID bit on /usr/bin/vim.old"
        command: "chmod u+s /usr/bin/vim.old"
  - name: hunt-for-suid-bins
    execute:
      description: "Find SUID binaries"
      command: "find / -perm -4000"
      run_as: "{{ .Args.low_priv_user }}"
  - name: escalate-privilege
    execute:
      description: "Use SUID binary to escalate privileges"
      command: "/usr/bin/vim.old -c ':silent !sudo whoami' -c 'qa'"
      run_as: "{{ .Args.low_priv_user }}"
      check_output:
        - description: "Check if privilege escalation was successful"
          regex: "root"
Drawbacks
No technical drawbacks.
Unresolved questions
No response