Choosing a distribution

Derek Broughton news at pointerstop.ca
Wed Nov 7 16:48:27 UTC 2007 

Paul Tansom wrote:

> ** Derek Broughton <news at pointerstop.ca> [2007-11-06 17:35]:

>> > As far as security goes, I can see more arguments against sudo for
>> > security. By enabling extra accounts to have access to root
>> > privileges via sudo you increase the number of accounts that could
>> > potentially be cracked and hence give the intruder root access.
>> 
>> No, that's completely wrong - unless you give everybody access to
>> everything, and even then it still means that the intruder has to find
>> a user with root access and then find their password.  If every user
>> who needs root access has the password, you already know the user ID
>> and the chance of cracking the password must increase exponentially
>> with the number of people who share it.  However, with sudo you can
>> give someone who needs to administer printers access to cups.  The
>> network admin can have access to network commands, etc.  Nobody needs
>> access to _everything_.
> 
> You mean the way Ubuntu has it configured then. The standard setup looks
> to be to allow access to everything via sudo. 

That's true of _one_ user.  If you have a root user, that's _still_ true of
one user.  All other users have only what you give them.

>> > As far as knowing the account name to try to attack, who ever allows
>> > root login access except via the console?
>> 
>> Unfortunately, many...
> 
> See above :)
> 
>> > By using sudo you have actually open up accounts that have root
>> > access and are remotely accessible - exactly the opposite of what a
>> > lot of people argue!
>> 
>> If you have given them the root password, they just log in as
>> themselves and do "su".  No difference.
> 
> True, but with sudo you use the password you've just cracked to get in,
> and with a root account you use a different password that now needs
> cracking as well.

It doesn't follow.  You're claiming "increased" security by use of a root
password, but then basing it all on somebody hacking your system.  The fact
is almost all security violations will occur either _by_ users who already
have legitimate access to your system, or by them compromising their own
accesses.  The root to increasing security, then, is granularization -
limit what authorized users can do, where they can do it, and how.

>> > Both the single root account and sudo fail fully satisfy root access
>> > requirements, but for me, on a single admin box, I tend to prefer a
>> > single root account on the basis of better security.
>> 
>> Sorry, that's just not supportable, and your arguments so far haven't
>> shown any reason it would be true.  -- derek
> 
> Well, they both fail to log adequately from a shell, whether you access
> that via sudo or root. 

I knew as soon as I posted that, I should have trimmed a bit more - I agree
on the logging issue.  I disagree only with the last phrase "on the basis
of better security".
-- 
derek

More information about the ubuntu-users mailing list