Security Concerns with sudo (from PC Mag)

Eric Dunbar eric.dunbar at gmail.com
Tue Apr 26 02:09:50 UTC 2005


On 4/21/05, Colin Watson <cjwatson at ubuntu.com> wrote:
> On Thu, Apr 21, 2005 at 11:31:02AM -0400, John DeCarlo wrote:
> > I received this last week or so.
> >
> > Basically it says to not let your system remember the password for 5
> > minutes (default with Ubuntu), so no nasty programs use sudo to mess
> > up your system.
> >
> > Obviously there is a compromise between security and convenience here.
> >
> > Is there any official position from Ubuntu folks on this issue?
> 
> We tried this briefly ages back, and reverted. The problem we found in
> practice with disabling the timeout was that it became so annoying that
> people tended to open a root terminal instead, which defeated the whole
> purpose.
> 
> Convenience is not always directly opposed to security: sometimes, if
> you make things inconvenient enough, users will simply choose to work
> around your security measures, and then you lose on both fronts.

Wouldn't two of the three suggestions be practical? Obviously a
time-out of 0 would create a path of frustration leading directly to
root.

How to avoid it:

According to the initial report, any of these steps will correct the problem:

1. Add the following lines to the /etc/sudoers file, in the "Defaults" section:
Defaults:ALL !syslog
Defaults:ALL logfile=/var/log/secure.log
This redirects the sudo logs to /var/log/secure.log (which has the
appropriate permissions and is a more appropriate log for
authentication components)

2. Add the following line to the /etc/sudoers file, in the "Defaults" section:
Defaults:ALL timestamp_timeout=0
This removes the password grace period and forces the user to
authenticate every time sudo is run.

3. Add the following line to the /etc/sudoers file, in the "Defaults" section:
Defaults:ALL tty_tickets
This limits the sudo grace period to individual ttys (terminal
sessions) and makes it much more difficult for a Trojan to compromise
the system using this technique.

Eric.
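One way to audit a sudoers file for the three settings quoted in the post above, as an added shell example that is not part of the original message or of the sudo project: it filters the effective `Defaults` lines (comments stripped) and reports whether a dedicated `logfile`, `timestamp_timeout=0` and `tty_tickets` are set. The two sample sudoers files and the function names are constructed for this demonstration.

```shell
#!/bin/sh
# Audit a sudoers file for the three hardening settings discussed in the
# thread: dedicated logfile, timestamp_timeout=0, tty_tickets.
# Constructed example; read-only, never edits sudoers.

# sudoers_defaults FILE -> prints the Defaults lines with comments and
# blank lines removed. (Backslash line continuations are not joined.)
sudoers_defaults() {
    sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$1" | grep -E '^[[:space:]]*Defaults'
}

# has_option FILE REGEX -> exit 0 if some Defaults line matches REGEX.
# The leading (^|[[:space:],]) keeps "!tty_tickets" from counting as set.
has_option() {
    sudoers_defaults "$1" | grep -Eq "$2"
}

# check_sudoers_hardening FILE -> prints one line per setting and returns
# the number of settings that are missing (0 means all three present).
check_sudoers_hardening() {
    f="$1"
    missing=0
    if has_option "$f" '(^|[[:space:],])logfile='; then
        echo "logfile: set (sudo writes its own log file)"
    else
        echo "logfile: not set (sudo logs via syslog only)"
        missing=$((missing + 1))
    fi
    if has_option "$f" '(^|[[:space:],])timestamp_timeout=0([[:space:],]|$)'; then
        echo "timestamp_timeout: 0 (password required on every sudo)"
    else
        echo "timestamp_timeout: grace period in effect"
        missing=$((missing + 1))
    fi
    if has_option "$f" '(^|[[:space:],])tty_tickets([[:space:],]|$)'; then
        echo "tty_tickets: set (ticket valid only on the tty that authenticated)"
    else
        echo "tty_tickets: not set (ticket shared across the user's sessions)"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample 1: stock-style sudoers with the default grace period.
DEFAULT_FILE=$(mktemp)
cat > "$DEFAULT_FILE" <<'EOF'
# sample sudoers, constructed for the example
Defaults        env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
EOF

# Constructed sample 2: the three settings from the thread applied.
HARDENED_FILE=$(mktemp)
cat > "$HARDENED_FILE" <<'EOF'
# sample sudoers, constructed for the example
Defaults        env_reset
Defaults:ALL    !syslog
Defaults:ALL    logfile=/var/log/secure.log
Defaults:ALL    timestamp_timeout=0
Defaults:ALL    tty_tickets
root    ALL=(ALL) ALL
EOF
trap 'rm -f "$DEFAULT_FILE" "$HARDENED_FILE"' EXIT

# Stand-alone run: report on both samples.
for f in "$DEFAULT_FILE" "$HARDENED_FILE"; do
    echo "== $f"
    check_sudoers_hardening "$f" || echo "missing: $? of 3 settings"
done
```

To check a real system, call `check_sudoers_hardening /etc/sudoers` as root (the file is not world-readable), and remember that drop-ins under `/etc/sudoers.d` can set the same options; always validate any edit with `visudo -c` before relying on it.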
