Using sudo to Keep Admins Honest? sudon't!

Harold hrsawyer at comcast.net
Sat Nov 4 13:00:50 GMT 2006


This is how I thought it was.

?Harold Sawyer
www.SawyerSphere.net
www.centralconnecticutwcg.org


Toby Kelsey wrote:
> Tristan Wibberley wrote:
>
>   
>> According to Matt Zimmerman:
>>
>> "You should consider a user with unlimited sudo privileges to be 
>> equivalent to root from a security perspective."
>>     
>
> That's unnecessarily absolutist. The sudo password provides a real barrier.
>
>   
>> So the default user in Ubuntu *is* root, except that sudo just "prompts 
>> for the user's password as a secondary check which prevents certain 
>> casual attacks (for example, leaving a session open without locking
>> the screen)." - again according to Matt Zimmerman
>>     
>
> So any user 'is' root, you just need the password for 'su'. In fact the login
> prompt 'is' root as well by that argument.
>
>   
>> It is a *huge* misconception that Ubuntu does not run as root by 
>> default, because for all security related purposes... it does. It is 
>> trivial to escalate privileges once you have compromised somebody's account.
>>
>> You should *never* use your default account for day-to-day usage. 
>>     
>
> That's silly.  So you should have a second account, which you log in from to
> your first account, which you run sudo from?  But then the second account is
> equivalent to root because it is trivial to escalate privileges, so you need
> a third account from which you log into your second account, but then ...
>
> The reality is that the default user must have a way of performing 
> administrative functions.  That requires escalating privileges.  If an attacker 
> cannot crack the system directly then they need to compromise the user account, 
> and trick the user into giving them extra privileges.  Using sudo can make that
> harder.
>
> Toby
>
>
>   



More information about the sounder mailing list