Why does the parent process of sudo -u remain in ps as the root user? Is it possible to avoid it? If not, is it safe?

I'm trying to run my web browser as another user for security reasons with Ubuntu 20.04. The whole thing works, but I notice that a process with "sudo -u browseruser" owned by root remains in the process list.

This is how to replicate the behaviour (I use the same user instead of browseruser for the example to avoid details related to xhost authorization etc., but you can understand what I mean):

marco@portatilinux:~$ sudo -u marco firefox &
marco@portatilinux:~$ exit

The browser window is still open as user marco... On another terminal:

marco@portatilinux:~$ ps -aux |grep marco |grep root
root        5056  0.0  0.0  22880  4756 ?        S    13:34   0:00 sudo -u marco firefox

As you can see, the process that starts firefox remains active as root user until I close the browser windows. Probably this is the expected behaviour and it's ok but, to be sure, I have just a few questions:

Questions:

  • Can this be a possible security hole for the whole system (if someone uses a browser exploit, is it easier for him to make a privilege escalation to root or not if I run my browser in this way?)
  • Is there any way to let this sudo -u process die but keep the browser process alive? (if I kill the process, the browser window dies with it)

I just ask because I don't want to create a worse possible security hole trying to do something better for my system.

I hope it's all clear.

Thanks

Marco


Solution 1:

1: sudo is setuid root, otherwise it wouldn't be able to do its job. So it always starts as root and there's nothing strange that it shows in process list as being owned by root. sudo drops privileges before spawning the child process, in your case firefox. So root privileges remain entirely within the parent process, that is actually only waiting for firefox to finish. I don't see a possibility to exploit it within the child process.

sudo has always worked this way and does extensive checks to avoid the possibility of root privileges being abused. Of course, you can never rule out the possibility of bugs in the software and the potential exploit, but this is highly unlikely. Given the popularity of sudo, the potential exploit probably would have been already found.

2: When you type sudo -u marco firefox &, you are actually running sudo in background, and sudo itself runs firefox in foreground (from its point of view) and waits for it to finish. You can get rid of the parent sudo process if you cause firefox to actually run in background - then the parent sudo process will immediately finish.

Instead of running sudo -u marco firefox &, write a script like this:

#!/bin/sh
exec firefox &

Call the script, for example, run_firefox and place it in the /home/marco directory. Then run: sudo -u marco /home/marco/run_firefox (without & at the end). If you check with ps, the sudo process won't be there.
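
The answer's point that sudo drops privileges before spawning the child can be checked on a running system. The script below is an added example, not part of the original answer: it reads the real, effective, saved and filesystem IDs plus the supplementary groups from /proc/<pid>/status (Linux only) and reports the parent process. The function names and the PROC_ROOT override are this example's own.

```sh
#!/bin/sh
# Added example: confirm a process started via `sudo -u <user>` kept no root identity.
# PROC_ROOT is an assumption of this example so the parser can be pointed at test data.
PROC_ROOT="${PROC_ROOT:-/proc}"

# status_field PID FIELD -> the values after "FIELD:" in PROC_ROOT/PID/status
status_field() {
    awk -v f="$2:" '$1 == f { $1 = ""; sub(/^ +/, ""); print; exit }' \
        "$PROC_ROOT/$1/status"
}

# has_root_id PID -> returns 0 if any real/effective/saved/fs UID or GID,
# or any supplementary group, is 0
has_root_id() {
    for field in Uid Gid Groups; do
        for id in $(status_field "$1" "$field"); do
            [ "$id" -eq 0 ] && return 0
        done
    done
    return 1
}

# audit_child PID -> prints a one-line verdict; 0 = clean, 1 = root id kept, 2 = no such pid
audit_child() {
    pid=$1
    if [ ! -r "$PROC_ROOT/$pid/status" ]; then
        echo "ERROR pid=$pid not found"
        return 2
    fi
    if has_root_id "$pid"; then
        echo "FAIL pid=$pid still holds a root uid/gid"
        return 1
    fi
    ppid=$(status_field "$pid" PPid)
    # The parent may already be gone or invisible; do not fail on that.
    pname=$(status_field "$ppid" Name 2>/dev/null) || pname="?"
    echo "OK pid=$pid uid=[$(status_field "$pid" Uid)] parent=$ppid ($pname)"
}

# Stand-alone use: pass the PID of the browser process as the first argument.
if [ "$#" -gt 0 ]; then
    audit_child "$1"
fi
```

A saved UID of 0 is the case worth catching: a process whose real and effective UIDs are unprivileged but whose saved UID is still root can switch back, so the check looks at all four values rather than only the one ps displays.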