sudo security concerns?
Scott James Remnant
scott at netsplit.com
Fri Nov 26 07:35:25 CST 2004
On Fri, 2004-11-26 at 14:21 +0100, Eric Feliksik wrote:
> That's interesting. But how can a program become root if sudo requires a
> user's password, other than sniffing keystrokes for that user's password?
>
The system can manipulate programs running as root, exported to a user's
X display.
Forcing a password for every sudo call makes people more prone to
running root shells and leaving them open -- it's trivial to send
commands to that from another process only running as the user.
Fundamentally whenever you offer a bridge from one user to another,
anybody can walk across that bridge. The trick is to only leave the
bridge in place for short amounts of time.
sudo with a timeout /in general/ leaves that bridge open for only as
long as the timeout, whereas sudo with a zero timeout tends to make
people leave a bridge there full-time.
Scott
--
Have you ever, ever felt like this?
Had strange things happen? Are you going round the twist?
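The tradeoff Scott describes is controlled by sudo's credential cache. As an added example (not part of the thread, and not an Ubuntu-supplied file), the script below writes a sudoers drop-in with a short cache window and compares it with a permissive one. It assumes a sudo release that understands `timestamp_type` (1.8.21 or later) and a main sudoers file that includes `/etc/sudoers.d`, as Debian and Ubuntu do by default; the file names and the five-minute value are choices made for the example.

```shell
#!/bin/sh
# Added example, not code from the ubuntu-devel thread. Shows the "bridge"
# settings in sudoers: how long cached credentials stay valid, and which of
# the user's processes may reuse them. Assumes sudo >= 1.8.21.

# Permissive drop-in (constructed for comparison): a 15-minute cache that any
# process of the user may reuse from any tty, because timestamp_type=global.
WEAK_DROPIN='Defaults timestamp_timeout=15
Defaults timestamp_type=global'

# Hardened drop-in: a short cache, keyed to the tty that authenticated (so a
# process on another terminal cannot ride on it), and a pty for the
# privileged child so it does not share the user's real terminal.
HARDENED_DROPIN='Defaults timestamp_timeout=5
Defaults timestamp_type=tty
Defaults use_pty'

# write_dropin PATH CONTENT: write a drop-in with the 0440 mode sudo requires.
write_dropin() {
    path="$1"
    content="$2"
    printf '%s\n' "$content" > "$path"
    chmod 0440 "$path"
}

# check_dropin PATH: syntax-check with visudo when it is installed. Returns
# non-zero on a parse error (or a permission complaint, which visudo also
# reports when the file is not yet owned by root).
check_dropin() {
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$1"
    else
        echo "visudo not found; skipping syntax check of $1" >&2
    fi
}

# cached_window_seconds PATH: read timestamp_timeout (minutes) from a drop-in
# and report the window in seconds. A missing setting means sudo's compiled-in
# default of 15 minutes; 0 means a password prompt on every call.
cached_window_seconds() {
    minutes=$(sed -n 's/^Defaults[[:space:]]*timestamp_timeout=\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ -n "$minutes" ] || minutes=15
    echo $((minutes * 60))
}

# Usage: write both files to a temp dir, check them, and report the windows.
# Once validated, copy the hardened file to /etc/sudoers.d/ as root.
tmp=$(mktemp -d)
write_dropin "$tmp/10-short-bridge" "$HARDENED_DROPIN"
write_dropin "$tmp/90-long-bridge" "$WEAK_DROPIN"
check_dropin "$tmp/10-short-bridge" || echo "review $tmp/10-short-bridge before installing" >&2
echo "hardened window: $(cached_window_seconds "$tmp/10-short-bridge")s"   # 300
echo "permissive window: $(cached_window_seconds "$tmp/90-long-bridge")s"  # 900
# To close the bridge before the timeout expires, e.g. before leaving a
# terminal unattended:  sudo -k
```

`sudo -k` invalidates the cached credentials for the current tty immediately, so the window can always be shortened by hand even with a non-zero `timestamp_timeout`.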