At 17:10 6/14/00 -0400, Stephen Schaefer-NCS Sr SE wrote:
>If you configure sudo to let them create new users, what prevents them
>from creating a new user with UID=0? Let me guess that linuxconf and
>the rest of such administrative tools have been designed to be run by
>root, and, as such, haven't undergone the kind of security audit that
>would let you be confident that they couldn't be leveraged into wider
>access. You're root already, why do you need to be protected against
>yourself?
That would be a configuration error, not sudo's fault. If you want that level
of security then it's YOUR responsibility to make sure that whatever they
are allowed to run is properly secure, i.e. don't allow linuxconf, allow them
to run your own version of adduser. If you don't trust the tool to be secure
to begin with then sudo isn't going to add any security to that; it's really
more of a pseudo control over file access permissions (thus the name)
than it is a secure shell. (Example bad sudo command to allow: 'sudo sh';
this results in a new shell with full root authority...)
-=Chris (who uses sudo daily.)
>Sudo is great for keeping honest folks honest, and its logs help you
>find the folks responsible for things so you can ask the right person
>why they did such-and-such and suggest alternatives.
exactly.
>As a security tool, it's only strong against the unsophisticated,
>i.e., not strong at all.
I'd argue that it shouldn't be, it fills the void between su and chmod 755
nicely... you don't have to go giving out the root password to everyone,
and you don't have to make scripts globally execable, or maintain a
bunch of custom groups, and you can do this without requiring complex
ACLs from the filesystem.
(note 1: the sudo we have at work that I use is old, and has had a couple
extras hacked in... this may have colored my view of it)
(note 2: this is a new mailer, so apologies in advance if it screws up the
formatting)
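
An added example, not part of the original message or of sudo: a small sudoers audit that flags the kinds of rule the reply calls configuration errors (a shell, as in 'sudo sh', or a tool such as linuxconf that was written to be run by root), along with blanket ALL grants. The sample sudoers text, the names `site-adduser` and `run-backup`, and the `ROOT_ONLY_TOOLS` list are assumptions made for illustration.

```python
import os
import re

SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "dash"}
# Assumption: a site-maintained list of admin tools written to be run only by root.
ROOT_ONLY_TOOLS = {"linuxconf"}

def classify(cmd):
    """Say why a sudoers command entry amounts to full root, or return None."""
    if cmd == "ALL":
        return "unrestricted"
    # Negated (!cmd) and empty entries grant nothing, so they get no program name.
    prog = os.path.basename(cmd.split()[0]) if cmd and cmd[0] != "!" else ""
    if prog in SHELLS:
        return "root shell"
    if prog in ROOT_ONLY_TOOLS:
        return "tool not written for restricted use"
    return None

def audit_sudoers(text):
    """Return (user, command, reason) for every rule that classify() flags."""
    # Join backslash continuations, drop comments. Not handled: '#uid', escaped commas.
    lines = [l.split("#", 1)[0].strip()
             for l in text.replace("\\\n", " ").splitlines()]
    aliases, rules, findings = {}, [], []
    for line in filter(None, lines):
        if line.startswith("Cmnd_Alias"):
            name, cmds = line[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
        elif "=" in line and not re.match(r"(Defaults|\w+_Alias)\b", line):
            who, spec = line.split("=", 1)
            rules.append((who.split()[0], spec))
    for user, spec in rules:                     # second pass: all aliases known
        spec = re.sub(r"\([^)]*\)", "", spec)    # drop (runas) lists
        spec = re.sub(r"\b[A-Z_]+:", "", spec)   # drop tags such as NOPASSWD:
        for cmd in (c.strip() for c in spec.split(",")):
            for real in aliases.get(cmd, [cmd]):
                if classify(real):
                    findings.append((user, real, classify(real)))
    return findings

# Constructed sample; site-adduser and run-backup are hypothetical local scripts.
SAMPLE = """\
Cmnd_Alias USERADMIN = /usr/local/sbin/site-adduser, /sbin/linuxconf
chris    ALL = /bin/sh
helpdesk ALL = (root) NOPASSWD: USERADMIN
backup   ALL = /usr/local/sbin/run-backup, \\
               /bin/mount /mnt/tape
ops      ALL = (ALL) ALL
"""
```

Calling `audit_sudoers(SAMPLE)` reports the shell rule, the linuxconf entry hidden behind the `USERADMIN` alias, and the blanket `ALL` grant, while the narrowly scoped local scripts pass.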