On Mon, 09 Dec 13, 18:13:07, Gian Uberto Lauri wrote:
> Andrei POPESCU writes:
> > On Mon, 09 Dec 13, 10:56:22, Gian Uberto Lauri wrote:
> > >
> > > sudo makes it a bit worse. Any user account opens the door to the root
> > > account. Therefore you have to guard a larger perimeter.
> >
> > Could you please elaborate on this? In Debian's default configuration
> > this is simply not true.
>
> In Debian's default configuration you have 2 critical accounts instead
> of one.

You said 'any', but anyway...

> Think about this scenario: someone devises a clever way to slip a
> Trojan into a user account.

Ok.

> Most people are at least slightly less security-paranoid when
> using their own account than they are with the root one.
>
> The Trojan could exploit sudo to gain access to the root account by
> exploiting this lack of attention. Therefore you have to be paranoid
> with TWO accounts. Or use a non sudo-capable account for ordinary work
> and a sudo-capable one for administrative tasks.

How difficult do you think it is to write a small program that presents
you with a su-like password prompt? Drop that somewhere in your PATH
(let's assume ~/bin, since only the user account is compromised). The
first time you try to use 'su' it presents you with a nice password
prompt. When you type in the password it stores it in a safe place, then
pretends you provided the wrong password, passes you to the real 'su'
and deletes itself to cover any traces. I didn't try, but I think I
could write this in a few lines of shell.

The point I'm trying to make is that the root account is as vulnerable
as the user account used to get root. The additional password doesn't
add any significant security. It's probably safer to disable root's
password and use a really strong password for the user.

> I am not logging on with X running! I ALWAYS start X from the shell,
> that's after all the times I've seen X11 crashing immediately under xdm...

Still, there is much more code running as root that isn't supposed to
(window manager, session manager, etc.)

> The bug that allowed anybody to peek at your keyboard should have been
> gone for a long time; nevertheless there are options to prevent this
> when you initially enter the root password in a terminal.
>
> Doing su or sudo in a terminal is equally risky.

No, there is much more code running as root and, more importantly, code
that was never meant to be run as root.

Why do you think the Xorg developers moved so much of the video driver
code to kernel modules? One of the benefits will be the ability to run X
with fewer privileges. Now it's still running as root :(

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt
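The fake 'su' described in the message above only works because a directory the compromised user can write to is searched before the directory holding the real su. The following is an added example, not code from the thread or from Debian: a POSIX sh function that audits a PATH string for exactly those entries, stopping once it reaches the real su's directory. The directory layout it is run against (a stand-in su under a temporary directory, plus a writable home/bin) and the PATH it audits are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread. Audit a PATH for directories
# from which a trojan "su" could shadow the real one.

# path_hijack_dirs PATH REAL_SU
#   Walks PATH in lookup order and stops at the directory holding REAL_SU,
#   since only entries searched before it can shadow it. Each such entry is
#   printed as REASON:DIR when it is
#     relative  - empty or relative (resolved against the current directory)
#     writable  - an existing directory the caller can write to
#     creatable - missing, but its parent directory is writable
#   Exit status is 1 if anything was printed, 0 otherwise.
path_hijack_dirs() {
    _real_dir=$(dirname "$2")
    _rest="$1:"          # trailing ':' so the loop below sees the last entry
    _hits=0
    while [ -n "$_rest" ]; do
        _d=${_rest%%:*}
        _rest=${_rest#*:}
        [ "$_d" = "$_real_dir" ] && break
        case $_d in
            ""|[!/]*)
                echo "relative:$_d"; _hits=$((_hits + 1)) ;;
            *)
                if [ -d "$_d" ]; then
                    if [ -w "$_d" ]; then
                        echo "writable:$_d"; _hits=$((_hits + 1))
                    fi
                elif [ ! -e "$_d" ] && [ -w "$(dirname "$_d")" ]; then
                    echo "creatable:$_d"; _hits=$((_hits + 1))
                fi ;;
        esac
    done
    [ "$_hits" -eq 0 ]
}

# build_fixture DIR: constructed layout for the demo. DIR/bin/su stands in
# for the real su; DIR/home/bin is the writable ~/bin from the thread.
build_fixture() {
    mkdir -p "$1/bin" "$1/home/bin"
    : > "$1/bin/su"
    chmod 755 "$1/bin/su"
}

demo() {
    _tmp=$(mktemp -d)
    build_fixture "$_tmp"
    # Constructed PATH, in the order a careless ~/.profile might produce:
    # ~/bin, an empty entry (the current directory), a relative entry, a
    # ~/bin2 that does not exist yet, and only then the directory of su.
    _p="$_tmp/home/bin::./tools:$_tmp/home/bin2:$_tmp/bin:/usr/bin"
    echo "auditing PATH=$_p"
    if ! path_hijack_dirs "$_p" "$_tmp/bin/su"; then
        echo "=> a user-level compromise can shadow su from the entries above"
    fi
    rm -rf "$_tmp"
}

demo
```

To audit a live shell, call `path_hijack_dirs "$PATH" "$(command -v su)"`. The check only looks one directory level deep (it ignores symlinks and writable ancestors further up) and says nothing about a shell alias or function named su, which a compromised ~/.bashrc can define just as easily as it can prepend ~/bin to PATH; running it from a shell started with a clean environment is the only way to trust its answer.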