sudo security concerns ?

Thu Nov 25 23:55:17 CST 2004

On Thu, 25 Nov 2004, Karl Hegbloom wrote:

Hello Karl,

> When I run a sudo command, it asks for my password. Once you authenticate,
> it remembers that and you stay authenticated for a period of time.

If you set the timeout to zero, people get annoyed at having to enter their
password everytime;  so they fire up a root/su window and leave it there.

Root-windows don't disable themselves after 5 minutes.

Which is more safer?

BTW, there are many commands, for instance, 'iwconfig wlan0 mode managed'
and commands to do with networking, where I have them set 'NOPASSWD:' to
explicitly not require a password on my laptop if executed my user.

> Is that there for ANY user, or only the first one created?

The first user is assumed to be the 'admin' and gets added to the 'sudoers'
file with the freedom to do anything as any user.  It's up to you to decide
what priviliges should be delegated to other users and add those to the
'sudoers' file.

> Is there a plan to integrate SELinux support in the future?

People are looking at it, although I know some people (sabdfl) weren't
feeling comfortable about it just yet.

There's alot of work being done in other departments which may even bring
more immediate gains that SELinux can.  For instance zero-listening ports
and Pitti's work at stopping programs like logging daemons running as root.

> I'd like to have encrypted /home and swap on some machines.

There's a possibility FUSE (Userspace Filesystems) will get integrated
fairly quickly and encryption can come via that---and even on a
directory-by-directory basis rather than partition-by-partition!

> (perhaps I'll have time to look into doing this someday... I'm in
> college and very busy.)

I suspect the Ubuntu developers appreciate your thoughts, many of them are
very busy playing with ways to improve Ubuntu, and some even in college too. :-)

On Thu, 25 Nov 2004, Karl Hegbloom wrote:
> Answering my own question, I find that adding ",timestamp_timeout=0"
> [...] Can this be made the default, please?

(This was the original default and was changed).  See answer at the top.

> Hmmm.  Now the root terminal won't work.  It times out and fails to
> launch the terminal after I enter my password.  Perhaps gksu does not
> implement 'timestamp_timeout'?

Do you mean 'gksu' or 'gksudo' ?

IIRC, there are some scripts that currently do something like:

  gksudo /bin/echo && sudo ${actually_command_to_run}

Maybe these should be changed so that gksudo does the actual execution in a
single command.

On Thu, 25 Nov 2004, Karl Hegbloom wrote:
> Can a program or script running under my own UID monitor keystrokes and
> learn my sudo password?

The question is the same when it comes to logging 'su' passwords.  Under X,
it is fairly easier to record keystrokes if a program is not securing the
keyboard.  That's an X issue and not related to sudo though.

	-Paul

E&OE.
-- 
Is there no safe way to travel?  London, GB