Misconfiguration of sudo is insecure (Was: Sudo even more secure)

Chris Jones cmsj at tenshu.net
Sat Mar 25 12:37:04 GMT 2006


Hi

On 8:50:20 pm 24/03/2006 Paul Sladen <ubuntu at paul.sladen.org> wrote:
> Now you have a shell open where *every* command you type is running
> with unchecked privileges and the commands _aren't being logged_.

So a root shell is bad because it does what it says on the tin? ;)

While it may not be exactly the same, commands will be kept for some time
in root's .bash_history. If you want a fully trackable audit trail you
would presumably know what you are doing and restrict sudo access beyond
the default config.

I guess the point here is that there should always be a way to get a root
shell - are you suggesting there is a better way to do that, or are you
just objecting to people using root shells on Ubuntu? If the latter I
suspect you are fighting a losing battle.
Perhaps it would be worth not documenting sudo -i beyond the sudo man page
so that it's only discoverable for people who are reasonably clued up?

Cheers,
---
Chris Jones
  cmsj at tenshu.net
  www.tenshu.net



