Misconfiguration of sudo is insecure (Was: Sudo even more secure)

[Darren L]

As always - I'd imagine that it was a conscious decision to have it set this
way.  Security always flies in teh face of convenience, and since it's aimed
at an average home user, I can see why the little extra step would be good
to have, but would leave potential for a security breach.

There are always going to be holes -  my initial question about sudo was to
find out whether the commands executed as root were logged or not.



On 3/22/06, Tristan Wibberley <maihem at maihem.org> wrote:
>
> Please reply on sounder, this is now offtopic for -devel
>
> Joel Edwards wrote:
> > Unfortunately, it is easy to forget that you are the root user, since it
> is
> > still using your .bashrc file. 'sudo su' works just as well, but it uses
> the
> > roots actual .bashrc
>
> Does it *run* your bashrc?
>
> AFAICS, it changes the PATH, and USER, and the only thing I can think of
> that would be useful to change too is HOME, but that would be more
> dangerous than not.
>
> > Is it just me, or does sudo -s seem like a security problem for
> forgetful
> > people (like myself).
>
> No, not unless you reconfigure sudo to lock down most of the stuff on
> the system. But then *one* user needs to be able to reconfigure sudo, so
> that user account will *always* be the weak link that can break the
> system.
>
> Maybe Ubuntu should add an admin account as well as the regular user -
> don't ask for an admin password to set, randomly generate it and inform
> the user. Set this account to use fvwm with an initial xterm, and
> restrict the first user to package management.
>
> --
> Tristan Wibberley
>
>
> --
> ubuntu-devel mailing list
> ubuntu-devel at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20060322/9820adc8/attachment.htm