Tom H writes:
> In the corporate environments where I work, we are about 70 sysadmins
> in my location and about half as much in another. We all sudo to root
> on our more or less 11,000 systems. So by your reckoning we have 100
> critical accounts but that's not how our internal and external
> security auditors see it.
If I understand it clearly, these sysadmins are trained users who
(hopefully) understand what you should or should not do. I think that
"we all sudo" means "we the sysadmin".
If the situation is "one machine, one sudoer, no root" is like having
"one machine, one user, su, root can not log from the net". Slightly
less secure, but it should be really hard to insert some hijacker that
exploits credentials cache since the persons are properly trained.
> Most of the people who have no idea that they have a critical are like
> my parents, who have Unity installed on their laptops. When they're
> prompted to update their systems, they do so and type in their
> passwords when asked to, just like a Windows or OS X user. Not
> everyone messes around with his/her configuration, uses terminals, or
> whatever.
Are you sure that nobody will be able to hijack that use of sudo, even
from the graphic versions?
My opinion is that exploiting vulnerabilities like that will be
profitable for the "dark side users" when the number of users like
your parent will have reached a "critical number" (like in critical
mass).
BTW, Mac OS X users use a graphic form of sudo, i think w/o cache.
That will be the time that we will start to use antivirus programs on
GNU/linux like is common to do on Windows.
> >>> Furthermore the sudo habit of keeping valid an authentication for a
> >>> certain amount of time seems like an open door for malicious code
> >>> injection.
> >>
> >> You can use the "timestamp_timeout" option to set this to zero.
> >
> > This should be the default, but is not.
>
> I agree. But I suspect that, as someone else has pointed out, it would
> annoy many people to have to type their password for every
> sudo-prepended command.
If you can use any program with sudo, just sudo bash for prolonged
administrative tasks. And close the shell when finished.
Nevertheless, there is a place where sudo cache is handy. If you write
a script for some common users, it's better to use sudo for the
sensible command only rather than for the whole script.
In these case the optimum would be to tell sudo "starting for now
cache the credentials for a very short time - some seconds - and stop
caching when time expires" the first time you "engage" sudo and then
kill the caching before leaving the script, some sort of begin
transaction/commit.
Currently you can have only the very short cache time always.
--
/\ ___ Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_____ African word
//--\| | \| | Integralista GNUslamico meaning "I can
\/ coltivatore diretto di software not install
giĆ sistemista a tempo (altrui) perso... Debian"
Warning: gnome-config-daemon considered more dangerous than GOTO
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/21163.15039.767802.409...@mail.eng.it
