Choosing a distribution
Derek Broughton
news at pointerstop.ca
Wed Nov 7 16:48:27 UTC 2007
Paul Tansom wrote:
> ** Derek Broughton <news at pointerstop.ca> [2007-11-06 17:35]:
>> > As far as security goes, I can see more arguments against sudo for
>> > security. By enabling extra accounts to have access to root
>> > privileges via sudo you increase the number of accounts that could
>> > potentially be cracked and hence give the intruder root access.
>>
>> No, that's completely wrong - unless you give everybody access to
>> everything, and even then it still means that the intruder has to find
>> a user with root access and then find their password. If every user
>> who needs root access has the password, you already know the user ID
>> and the chance of cracking the password must increase exponentially
>> with the number of people who share it. However, with sudo you can
>> give someone who needs to administer printers access to cups. The
>> network admin can have access to network commands, etc. Nobody needs
>> access to _everything_.
>
> You mean the way Ubuntu has it configured then. The standard setup looks
> to be to allow access to everything via sudo.
That's true of _one_ user. If you have a root user, that's _still_ true of
one user. All other users have only what you give them.
>> > As far as knowing the account name to try to attack, who ever allows
>> > root login access except via the console?
>>
>> Unfortunately, many...
>
> See above :)
>
>> > By using sudo you have actually open up accounts that have root
>> > access and are remotely accessible - exactly the opposite of what a
>> > lot of people argue!
>>
>> If you have given them the root password, they just log in as
>> themselves and do "su". No difference.
>
> True, but with sudo you use the password you've just cracked to get in,
> and with a root account you use a different password that now needs
> cracking as well.
It doesn't follow. You're claiming "increased" security by use of a root
password, but then basing it all on somebody hacking your system. The fact
is almost all security violations will occur either _by_ users who already
have legitimate access to your system, or by them compromising their own
accesses. The root to increasing security, then, is granularization -
limit what authorized users can do, where they can do it, and how.
>> > Both the single root account and sudo fail fully satisfy root access
>> > requirements, but for me, on a single admin box, I tend to prefer a
>> > single root account on the basis of better security.
>>
>> Sorry, that's just not supportable, and your arguments so far haven't
>> shown any reason it would be true. -- derek
>
> Well, they both fail to log adequately from a shell, whether you access
> that via sudo or root.
I knew as soon as I posted that, I should have trimmed a bit more - I agree
on the logging issue. I disagree only with the last phrase "on the basis
of better security".
--
derek
More information about the ubuntu-users
mailing list