sudo (was Re: basic - continued)

Graham Todd grahamtodd2 at googlemail.com
Sat Feb 6 16:02:16 UTC 2010


On Sat, 6 Feb 2010 08:30:08 -0500
Elizabeth Krumbach <lyz at ubuntu.com> uttered these words:

> Actually, while this particular one didn't, a command in a pre/post
> install script in the package (which you're running with root
> permissions through apt or synaptic) could easily do something like
> enable the root account for an attacker to access, change
> ownership/permissions of vital system files, delete things, phone
> home... anything root can do and which can be scripted.
[snipped]

Unless I misunderstood, this is precisely the scenario that sudo was
devised to prevent.

In Ubuntu, users use the sudo command to duplicate the security
privileges of another user (usually root, or superuser, but it could be
any user).  In a traditional Linux distribution such as Debian, you have
different passwords for root and the user account: when you switch to
the root account and enter the password you enter that account and run it
with all its privileges.  But when you call root privileges through the
sudo command, you are doing so *without* entering the root account, so
access is not available to "vital system files".

Of course, if you do enter the superuser account, by setting a password
for it for example, you run the risk of getting rootkits installed,
which is the reason I believe all systems should have effective rootkit
cleaners installed by default.  But if you use only sudo to access root
privileges, isn't the danger from rootkits (and their kin) vastly
reduced?

Am I incorrect?  Is the danger with sudo as great, or is sudo a barrier?

-- 
Graham Todd
