About root account and sudo

Colin Watson cjwatson at canonical.com
Tue Sep 21 12:22:55 UTC 2004


On Tue, Sep 21, 2004 at 01:54:50PM +0200, Felipe Alfaro Solana wrote:
> I have tried Ubuntu Linux and have found the root account is disabled 
> by default, and that the use of "sudo" is encouraged, instead.
> 
> However, I think that using "sudo" brings in some security implications 
> that make it dangerous. By default, in Ubuntu linux, you can gain 
> superuser privileges by running "sudo" and then entering your own 
> password (the same password you used at login to gain access to your 
> user account). I think this is insecure: the user enters its own 
> password, not the superuser password (which should be a different 
> password). Thus, if the user's password gets compromised, not only its 
> user account gets compromised, but also root access: a hacker can gain 
> access to the user account (as she knows the password), then use "sudo" 
> to gain root privileges.

Note that if you're using 'su' to gain root privileges, having access to
the account of the user who calls 'su' is also sufficient to gain root
access; you simply need to install a keystroke logger and wait.

Disabling sudo is fine if you prefer things that way, but to be
consistent you should be sure never to call 'su' from an unprivileged
account.

Cheers,

-- 
Colin Watson                                    [cjwatson at canonical.com]




More information about the ubuntu-users mailing list