cross-platform virus
Alan McKinnon
alan at linuxholdings.co.za
Sun Apr 9 22:44:32 BST 2006
On Sunday 09 April 2006 20:42, Shawn McMahon wrote:
> On Sun, Apr 09, 2006 at 10:41:36PM +1000, Sasha Tsykin said:
Damn, this is an interesting post. If this were /. I'd mod you up.
Comments inline as to why it's interesting.
<snip>
> sudo isn't something you use instead of having a root account.
> sudo is something you use to give people escalated privileges with
> improved logging, and to give them only the escalation they need.
> You can't NOT have a root account, normally.
>
> I'm not familiar with a couple of those distributions you mention,
> but the rest all ship sudo, and recommend its use for pretty much
> exactly what we're discussing. In particular, RedHat, Fedora, and
> SuSE all install sudo by default. (At least SuSE used to; I
> haven't played with recent versions.)
That's true, most distros ship with sudo, and it usually does
something as well even if only to deny all access until the admin
configures it differently.
> Now, for a single user system, many of the benefits of sudo are
> indeed overkill; however, for any enterprise, tools for controlling
> the escalation of privilege are absolutely essential for
> maintaining a secure environment. And it's not just used for
> escalation to root; it's used for escalation of privilege to any
> account on the system.
Good point, it's easy to forget that su and sudo let you switch to
another user, not just root.
<snip>
> If we didn't have sudo at the Fortune 100 corporation where I work,
> we'd have to change the root password on thousands of servers every
> time any of hundreds of different people changed job
> responsibilities; and when you count the non-root things we do with
> sudo, it'd be thousands of people, not hundreds. My entire job
> would consist of changing the root password all day every day on
> the hundreds of UNIX/Linux servers for which I bear part of the
> administration responsibility.
Ahhh yes, this explains something I'd always wondered - why does sudo
require the user password? Surely it would be more secure to ask for
the root password as well (a second barrier)? I forgot to consider
what happens when many people have the password and one resigns.
> Further, on single-user systems, making people remember two
> passwords may seem on the surface to be more secure, but in the
> long run it isn't, as they either will choose an awful root
> password so they can remember it more easily, or will just make it
> the same as their user password.
Yup, I've done both of these stupid things. And made a good job of
rationalizing why to myself as well.
> Further, if you have to log in as root to install things, people
> will be more tempted to su to root or log into the console as root
> and just do all sorts of things that way, that don't require the
> access. For example, which of these is more secure:
>
> su -
> ./configure
> make
> make install
> run your program
I do this...
> or...
>
> ./configure
> make
> sudo make install
> run your program
I never do this...
> I, as a UNIX administrator for a Fortune 100 company that every
> single person reading this list has heard of (hint; we're big
> enough that we advertise in every Super Bowl halftime, our company
> name is commonly used as a verb, and we have employees in every
> country including Iraq and Afghanistan), who has as a primary job
> responsibility security and SOX-404 compliance, believe it's the
> latter. I can tell you from much experience that without sudo or
> op or something similar, even experienced administrators will do
> the former. Oh, sure, you can do this:
>
> ./configure
> make
> su -c 'make install'
> run program
Phhhft, I never do that. Instead I do this:
sudo bash
> ...but people won't. And further, you'll be using a different
> method of logging that on every platform, whereas with sudo, you're
> using the exact same method to log it everywhere, making it easier
> to consolidate said logs to prove SOX compliance.
>
> There is no such thing as using sudo instead of having a root
> account; there is such a thing as using sudo instead of giving out
> or even having a root password, and that is something different
> than what you've been saying. However, there is an argument for
> using a root password instead of sudo; all the benefits of that
> cease in any non-trivial application, but certainly in the most
> trivial cases it's arguable.
I'm happy with su on this box - I'm the only one who ever goes near it
- but you certainly have made a compelling case for sudo once extra
admins get added.
--
Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
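
The logging argument in the thread, shown as an added example that is not part of the original messages: a short Python parser for sudo's default syslog line format that separates per-command escalations (`sudo make install`) from escalations into a shell (`sudo bash`), after which individual commands no longer appear in the sudo log. The log lines, host and user names, and the list of shell binaries are constructed for illustration.

```python
import re

# Constructed sample lines in sudo's default syslog format (users/hosts invented).
SAMPLE_LOG = """\
Apr  9 20:40:01 web01 sudo:   admin1 : TTY=pts/1 ; PWD=/home/admin1/src ; USER=root ; COMMAND=/usr/bin/make install
Apr  9 22:44:32 web02 sudo:   admin2 : TTY=pts/0 ; PWD=/home/admin2 ; USER=root ; COMMAND=/bin/bash
Apr  9 22:50:10 db01 sudo:   admin2 : TTY=pts/0 ; PWD=/home/admin2 ; USER=postgres ; COMMAND=/usr/bin/psql -l
Apr  9 23:01:45 db01 sudo:   admin3 : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/su -
Apr  9 23:05:00 db01 sudo:   admin3 : command not allowed ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/usr/sbin/visudo
"""

# user : [failure note ; ] TTY=... ; PWD=... ; USER=<target account> ; COMMAND=...
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : (?:(?P<note>[^;=]+?) ; )?TTY=(?P<tty>\S+) ; "
    r"PWD=(?P<pwd>.*?) ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Binaries that hand over an open-ended session (assumed list, extend per site).
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh", "su"}


def parse(log_text):
    """Return one dict per sudo log line; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]


def classify(event):
    """'denied' if sudo refused, 'shell' if the audit trail ends here, else 'command'."""
    if event["note"]:
        return "denied"
    binary = event["cmd"].split()[0].rsplit("/", 1)[-1]
    return "shell" if binary in SHELLS else "command"


def report(log_text):
    """(host, user, runas, kind, command) for every parsed event, in log order."""
    return [(e["host"], e["user"], e["runas"], classify(e), e["cmd"])
            for e in parse(log_text)]


if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print("%-6s %-7s -> %-8s %-7s %s" % row)
```

Because the line format is the same on every platform that runs sudo, the same parser works on logs consolidated from all of them, including escalations to non-root accounts such as `postgres` above.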