sudo without password

Alan McKinnon alan at linuxholdings.co.za
Fri Jun 9 17:29:58 UTC 2006


On Friday 09 June 2006 16:53, ubuntu at rio.vg wrote:

> As I recall, UNIX specifically chose its current security model
> because the more secure ones (like access lists) required far more
> time and effort, and therefore are more likely to have holes left
> by the operators.

Correct. Thompson and Ritchie were part of the Multics team way way 
back and even though Multics had all the "proper" features like acls 
and was designed "properly", it was going nowhere at a very fast 
rate. T&R dumped this and went for something they could implement. 
It's the classic Stanford vs New Jersey clash - one is correct, the 
other one works.

> It's the human component, as you say.  If your security model is
> too much of a pain in the rear to set up and maintain, it will fall
> apart. Quite often, the simpler the solution, the more secure it
> will be in the long run.

This probably explains why SELinux is less prevalent than it should 
be, given its capabilities.


> I just first tried Ubuntu for the first time with the release of
> Dapper, and I was rather surprised it did not install a
> host-firewall by default.  I understand Ubuntu's take of "we don't
> install anything that listens", but that quickly falls apart when
> the user starts installing things like NFS that require portmap,
> for instance.

Now that's a good way to start a "vigorous discussion" (like the 
compiler one that's going on elsewhere). A port-based and a 
host-based firewall on a workstation seems like a good idea to us 
old-timers, but the problem with these is that they require an 
enormous amount of knowledge from the user. *I* can't remember which 
port imap runs on (that's why I have /etc/services), so I wouldn't 
expect the average user to know. Thanks to dhcp and dynamic ips, the 
average user can't be expected to filter hosts more finely than local 
network/not local network. I'm not saying that these problems can't 
be solved, it's just that I haven't seen a solution for them yet that 
is suitable for mass deployment.

> As an aside, another interesting notion, I think, was released with
> SuSE 10.1: AppArmor.  The idea is to restrict programs, rather than
> users. Effectively, you create access lists of what a particular
> program is allowed to access.  Much the same deal as chroot, but
> with far less hassle.  (Since you don't actually have to copy it
> all into a single path)

I keep intending to investigate this product and never get round to 
it. Is it so that the user can for example block everything except 
connections initiated by Firefox and Thunderbird, and allow incoming 
port 80? If so, that strikes me as a better approach than tcpd & 
iptables.

-- 
If only me, you and dead people understand hex, 
how many people understand hex?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five



