Misconfiguration of sudo is insecure (Was: Sudo even more
xlr8me at gmail.com
Wed Mar 22 20:17:54 GMT 2006
As always - I'd imagine that it was a conscious decision to have it set this
way. Security always flies in teh face of convenience, and since it's aimed
at an average home user, I can see why the little extra step would be good
to have, but would leave potential for a security breach.
There are always going to be holes - my initial question about sudo was to
find out whether the commands executed as root were logged or not.
On 3/22/06, Tristan Wibberley <maihem at maihem.org> wrote:
> Please reply on sounder, this is now offtopic for -devel
> Joel Edwards wrote:
> > Unfortunately, it is easy to forget that you are the root user, since it
> > still using your .bashrc file. 'sudo su' works just as well, but it uses
> > roots actual .bashrc
> Does it *run* your bashrc?
> AFAICS, it changes the PATH, and USER, and the only thing I can think of
> that would be useful to change too is HOME, but that would be more
> dangerous than not.
> > Is it just me, or does sudo -s seem like a security problem for
> > people (like myself).
> No, not unless you reconfigure sudo to lock down most of the stuff on
> the system. But then *one* user needs to be able to reconfigure sudo, so
> that user account will *always* be the weak link that can break the
> Maybe Ubuntu should add an admin account as well as the regular user -
> don't ask for an admin password to set, randomly generate it and inform
> the user. Set this account to use fvwm with an initial xterm, and
> restrict the first user to package management.
> Tristan Wibberley
> ubuntu-devel mailing list
> ubuntu-devel at lists.ubuntu.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ubuntu-devel