cross-platform virus
Tristan Wibberley
maihem at maihem.org
Sun Apr 9 14:05:37 BST 2006
Sasha Tsykin wrote:
> Alan McKinnon wrote:
>> You raise an interesting point, and technically you are correct.
>>
>> Security is always about finding that fine balance between safety and
>> disruptiveness. Currently there are very few Trojan writers out there
>> targeting *nix so for the time being we are relatively safe.
>>
>> I predict that it's only a matter of time before the target of Trojans
>> shifts away from Windows. After the first wave of them, distros will
>> respond by changing their sudo default to no tokens
>>
> Which would infuriate everybody who uses Linux because it would be a
> pain in the ass, although, admittedly you could use the sudo -s command.

Do not use sudo -s. Use sudo -i. sudo -s should be removed or at the
least documented that it should never be used.

sudo -s runs your own .bashrc as root - yet your .bashrc is writable by
your own user account - which could be compromised by a Firefox flaw, or
a flaw in your email program, etc...

That's the reason for having a separate root and user account - the user
can use potentially flawed applications without worrying too much about
compromises. Using sudo -s gives a reliable path to root for an attacker.

sudo is supposed to separately authenticate the user actually issuing
the command, but it doesn't separately authenticate the user that has
made any changes to .bashrc.

--
Tristan Wibberley
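
An added example, not part of the original post: a shell check for the condition described above, shell startup files that a root shell would read from a home directory which an account other than root can write. The function names, the file list and the trusted-UID parameter are assumptions of this example, and whether a given sudo invocation keeps the invoking user's HOME depends on the local sudoers configuration.

```shell
#!/bin/sh
# Added example, not code from the original post. All names are constructed.
# Startup files bash may read from $HOME for an interactive or login shell.
STARTUP_FILES=".bashrc .bash_profile .bash_login .profile"

# risky PATH UID: true if PATH is not owned by UID, or is writable by
# group or others. Symlinks are followed, because the shell reads the target.
risky() {
    [ -n "$(find -L "$1" -prune \
        \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# untrusted_startup_files HOME_DIR [TRUSTED_UID]
# Prints every path a shell started with HOME=HOME_DIR would source that an
# account other than TRUSTED_UID (default 0, root) could modify or replace.
# Returns 1 if anything was printed, 0 otherwise.
untrusted_startup_files() {
    home=$1
    trusted=${2:-0}
    found=0
    # Whoever can write the directory can replace any file inside it,
    # whatever that file's own owner and mode, so report it as well.
    if risky "$home" "$trusted"; then
        echo "$home/ (directory: files inside can be replaced)"
        found=1
    fi
    for name in $STARTUP_FILES; do
        [ -e "$home/$name" ] || continue
        if risky "$home/$name" "$trusted"; then
            echo "$home/$name"
            found=1
        fi
    done
    return "$found"
}

# Stand-alone use: sh check.sh /home/alice   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    untrusted_startup_files "$@"
fi
```

Run against an ordinary user's home directory it reports the directory and each startup file present; run against root's own home it should report nothing.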