Sudo can be used recursively. With possibility to crash server.
n10u53 opened this issue ยท 5 comments
Type of bug
Exploit
/ess version
output
Server: 1.16.5-R0.1-SNAPSHOT git-paper-465
Essentials: 2.19.0-dev+69-adef08a
Vault: 1.7.3-b131
Server startup log
I don't think the log is needed here. Simply says for 16megs: "This person executes sudo."
EssentialsX config files
Pretty sure this is not applicable.
Error log (if applicable)
No response
Bug description
When using sudo you can apply it recursively. This combined with "sudo */**" can allow someone to exponentially multiply his/her commands.
Eg: /sudo ** sudo ** sudo ** c:I am crashing this server."
This can be used to put excessive load on the server. Multiplying 7 times and chatting something significantly impacted our Intel i9 server...
Timings report: https://timings.aikar.co/?id=443249111e304d6abd5ec6653c96b19a
Steps to reproduce
/sudo ** sudo **
Expected behaviour
Stop recursion on /* modifier of limit the amount of recursions.
Actual behaviour
I don't think I need to explain this. :)
I would just want to argue this expects admins to know the impact of such a command, which honestly most of the time they don't. I get your train of thought, but you should probably extend to the preventive measures Sudo took when implementing it's functionality, which by the way targets system-administrators that are knowledgeable in these situations.
So I think it is appropriate to at the very least inform the user when he/she first issues this command, just like Sudo does, or when "sub sudoing" ask for extra confirmation with a warning.
/sudo
exists to allow you to run commands as other players without restriction. There are several risks associated with giving people access to /sudo
. Don't give people access to /sudo
if you don't trust them to use common sense.
@mdcfe What is your view on this?
Essentially it boils down to "don't do that" territory. The /execute
command (which is essentially the /sudo
command for any entity) doesn't have a check, for example. Sudo (and execute) should really only be given to trusted people. As with any permission, you should be giving specific permissions to specific users or groups, and not just giving everyone essentials.*
, for example.
Also, I've never seen actual sudo
warn users of its power before use.
I get your stance, but I think my point stands. In the end this is your plugin and you decide what to do with it, so I take peace of mind in the knowledge I at the least informed you about it.
As for the Sudo message here is some history on it. Some setups and even some distributions do disable or change the Sudo-warning. But in my experience this is mainly graphical distributions of Unix where the user shouldn't ever really touch a terminal. Or companies who, and in my eyes who wrongly, disable this on their setup.