sudo security concerns ?

Scott James Remnant scott at netsplit.com
Fri Nov 26 07:35:25 CST 2004


On Fri, 2004-11-26 at 14:21 +0100, Eric Feliksik wrote:

> That's interesting. But how can a program become root if sudo requires a
> user's password, other than sniffing keystrokes for that users' password?
> 
The system can manipulate programs running as root, exported to a user's
X display.

Forcing a password for every sudo call makes people more prone to
running root shells and leaving them open -- it's trivial to send
commands to that from another process only running as the user.


Fundamentally whenever you offer a bridge from one user to another,
anybody can walk across that bridge.  The trick is to only leave the
bridge in place for short amounts of time.

sudo with a timeout /in general/ leaves that bridge open for only as
long as the timeout, whereas sudo with a zero timeout tends to make
people leave a bridge there full-time.

Scott
-- 
Have you ever, ever felt like this?
Had strange things happen?  Are you going round the twist?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.ubuntu.com/archives/ubuntu-devel/attachments/20041126/57fd7f97/attachment-0001.pgp


More information about the ubuntu-devel mailing list