sudo security concerns ?

Eric Feliksik milouny at gmx.net
Fri Nov 26 07:21:19 CST 2004


Matt Zimmerman wrote:
 > On Thu, Nov 25, 2004 at 07:47:11PM -0800, Karl Hegbloom wrote:
 >
 >
 >>I'm concerned about the security of having 'sudo' available so easily.
 >>When I run a sudo command, it asks for my password.  That's fine, but
 >>the second time I run it, it does NOT ask for it.  Once you
 >>authenticate, it remembers that and you stay authenticated for a period
 >>of time.
 >>
 >>I think that opens up a security hole that could be exploited by 'virus'
 >>or 'trojan horse' writers.  When Ubuntu becomes very popular, it will
 >>attract virus writers just as Windows has.  If anything has easy access
 >>to 'root', it can do pretty much anything it wants to.
 >>
 >>Can sudo be configured, by default, to require a password EVERY time you
 >>run a sudo command?
 >
 >
 > This was discussed months ago; the reality is that this doesn't open any
 > holes which don't already exist due to the inherent design of programs like
 > su and sudo.  Anyone who has control over a uid with access to su or sudo
 > has control of root as well..
 >

That's interesting. But how can a program become root if sudo requires a
user's password, other than sniffing keystrokes for that user's password?

I always loved the Unix way of running everything as user, and becoming
root if you need to... Using Windows with its limited "run as
administrator" functionality was a pain.

But this means that running one evil program as user 1000 (sudo'er) on
Ubuntu could compromise your system... Thereby the separation of root
and user for malware is no longer relevant (well, ok, the malware has to
make use of this sudo-situation, but that's just a doorstep).

The separation is then only useful for preventing the legal user 1000 from
accidentally breaking things (because it's not always root).

I think this model could use some thought, then?

Thanks,

Eric
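
The quoted question asks whether sudo can be made to prompt every time; in sudoers that is `Defaults timestamp_timeout=0`. The following is an added example, not part of the original thread: a small Python audit that flags sudoers lines which cache or skip the password prompt. The function name `audit_sudoers` and the sample sudoers text are constructed for illustration.

```python
import re

# Constructed sample sudoers content for the demonstration (not from the thread).
SAMPLE_SUDOERS = """\
Defaults env_reset, timestamp_timeout=15
Defaults:backup !authenticate
%admin ALL=(ALL) ALL
deploy ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app
"""

DEFAULTS_RE = re.compile(r"^Defaults(\S*)\s+(.*)$")
TIMEOUT_RE = re.compile(r"\btimestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)")


def audit_sudoers(text):
    """Return (kind, detail) findings for rules that cache or skip the password prompt."""
    findings = []
    global_timeout = None  # None: never set, so sudo's compiled-in default applies
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # comments are skipped; #include files are not followed here
        m = DEFAULTS_RE.match(line)
        if m:
            scope, settings = m.group(1), m.group(2)  # scope is "" for a global Defaults
            t = TIMEOUT_RE.search(settings)
            if t:
                minutes = float(t.group(1))
                if not scope:
                    global_timeout = minutes  # a later global setting overrides an earlier one
                if minutes != 0:  # 0 = always prompt; negative = ticket never expires
                    findings.append(("cached", f"Defaults{scope} timestamp_timeout={t.group(1)}"))
            if re.search(r"!\s*authenticate\b", settings):
                findings.append(("no-auth", f"Defaults{scope} !authenticate"))
        elif "NOPASSWD:" in line:
            findings.append(("nopasswd", line))
    if global_timeout is None:
        findings.append(("cached", "Defaults: timestamp_timeout unset, built-in default applies"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{kind:9} {detail}")
```
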
