Using sudo to Keep Admins Honest? sudon't!

Tristan Wibberley maihem at maihem.org
Sun Nov 5 23:26:22 GMT 2006 

Matt Zimmerman wrote:
> On Sat, Nov 04, 2006 at 11:19:26AM +0000, Tristan Wibberley wrote:
>> It is a *huge* misconception that Ubuntu does not run as root by 
>> default, because for all security related purposes... it does. It is 
>> trivial to escalate privileges once you have compromised somebody's account.
> 
> This is not unique to Ubuntu, as explained on the same page where I believe
> those other quotes came from.

That's true, but it is still important for people that want to keep 
their systems secured to know about this.


> It's straightforward to escalate to root from
> a user who uses 'su' and a root password as well, if you have their
> password.  It just requires that the attacker wait until the next time the
> user runs su.

sudo is, indeed, an improvement over su - but it only mitigates the cost 
of root security breaches (audit trails) and doesn't do much new to 
prevent them beyond making privilege assignment more fine grained (it is 
cheaper to revoke privileges if you lose trust in an administrator's 
management and use of his own account - but other than that, nothing 
significant).


>> You should *never* use your default account for day-to-day usage.
> 
> Such a configuration is perfectly adequate for most desktop users.  The
> truly paranoid should never use privilege escalation at all, and only
> administer from a direct login on the console.

If you ask most desktop computer users whether they want to have to 
totally wipe their systems (and take emergency precautions to protect 
their finances) just because their child (read "administrator") visited 
a site that exploited a firefox flaw while doing its homework, or if 
they want to just be able to delete their child's account and remake it, 
I imagine they would not agree.

In any case, my advice is still valid to those that care about what 
happens to their things (and who become stressed by intrusions) if not 
to a certain demographic peculiar to traditional geek-Linux.

-- 
Tristan Wibberley

These opinions are my own, and do not reflect those of my employer.

More information about the sounder mailing list