Sudo nano /name file permission

When giving sudo to nano makes you root 🧨

Today I want to share a real-life example of how poorly designed sudo configuration can lead to a full escalation to root on a Linux system.

🔍 Scenario:

A non-privileged user (joanna) can run the following without a password:

sudo /bin/nano /opt/priv

At first glance this seems harmless: joanna can only edit one empty file owned by root… What could go wrong?

💡 Trick #1 – Read files as root from nano
From nano, press Ctrl + R and then Ctrl + T to open the file browser. Because nano is running as root, you can load any file on the system from there, such as:

  • /root/root.txt
  • /root/.ssh/id_rsa
  • /etc/shadow

And copy its contents directly to /opt/priv or simply read them on the screen.

💡 Trick #2 – Escalation with SUID permissions
You can go beyond reading and modify the system if you know your way around. In this case:

Ctrl + R, then Ctrl + X

This lets you run a command from within nano, and that command runs as root. For example:

chmod u+s /bin/bash

And voilà:

$ ls -la /bin/bash
-rwsr-xr-x 1 root root ... /bin/bash
$ bash -p
# whoami
root

🚫 What went wrong here?
Allowing sudo on interactive programs such as nano, vi, or even less hands the user an interactive environment running as root, from which they can read arbitrary files, execute commands, or escape to a shell.

Best practices:

  • Never give sudo access to interactive editors.

  • If you must allow editing of a specific file, use sudoedit (or visudo for the sudoers file itself) rather than running the editor as root.

  • Regularly review your /etc/sudoers file and sudo settings.
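To make the review in the last point repeatable, here is a small audit script added for this post (not from the original author): it parses sudoers-style rules, flags any that run an editor or pager as root, and for editors prints the equivalent sudoedit rule, under which the unprivileged user edits a temporary copy, so nano's file browser and command runner never execute with root privileges. The sample sudoers text is constructed; the joanna line is the rule from the scenario above.

```python
import re
# Editors offer a file browser and a command runner, pagers a shell escape: as root, a root shell.
EDITORS = {"nano", "pico", "vi", "vim", "view", "ed", "emacs"}
PAGERS = {"less", "more"}

_RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+?)\s*=\s*"  # joanna ALL=
    r"(?:\((?P<runas>[^)]*)\)\s*)?"            # (root), optional
    r"(?P<tags>(?:[A-Z]+:\s*)*)"               # NOPASSWD:, optional
    r"(?P<cmds>.+)$")                          # comma-separated commands

def parse_sudoers(text):
    """Parse user specifications; comments, Defaults and alias lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(("Defaults", "Cmnd_Alias", "User_Alias",
                                        "Host_Alias", "Runas_Alias")):
            continue
        m = _RULE_RE.match(line)
        if m:
            rules.append({"user": m.group("user"),
                          "runas": m.group("runas") or "root",
                          "tags": set(re.findall(r"[A-Z]+(?=:)", m.group("tags"))),
                          "cmds": [c.strip() for c in m.group("cmds").split(",")]})
    return rules

def risky_rules(text):
    """Return (user, command, safer_rule) per editor/pager run as root; editors get a
    sudoedit rule (the unprivileged user edits a temp copy), pagers get None."""
    findings = []
    for rule in parse_sudoers(text):
        for cmd in rule["cmds"]:
            prog, _, target = cmd.partition(" ")
            name = prog.rsplit("/", 1)[-1]
            if name in EDITORS:
                nopw = "NOPASSWD: " if "NOPASSWD" in rule["tags"] else ""
                findings.append((rule["user"], cmd, f"{rule['user']} ALL=({rule['runas']}) "
                                 f"{nopw}sudoedit {target.strip() or '<file>'}"))
            elif name in PAGERS:
                findings.append((rule["user"], cmd, None))
    return findings

# Constructed sample, not a real sudoers file; the joanna line is the post's rule.
SAMPLE_SUDOERS = """\
root    ALL=(ALL:ALL) ALL
joanna  ALL=(root) NOPASSWD: /bin/nano /opt/priv
deploy  ALL=(root) /usr/bin/systemctl restart app, /usr/bin/less /var/log/app.log
ops     ALL=(root) NOPASSWD: sudoedit /etc/app.conf
"""
```

Run it against the output of `sudo -l` or a copy of /etc/sudoers; a None in the third field means the rule needs a redesign rather than a drop-in replacement.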

🔐 Security isn’t just about patching. It’s also about thinking about how you use basic tools.
