On 22:01 Mon 18 Jun , Colin Watson wrote: CW> On Mon, Jun 18, 2007 at 10:31:39PM +0400, Dmitry E. Oboukhov wrote: >> Current installer have 2 options: >> 1.set root password >> 2.don't set root password >> In case 2. the configuration file sudo created with the next settings >> >> user ALL=(ALL) ALL >> >> I suggest to add an option: >> >> timestamp_timeout 0 >> >> This option will prevent getting root rights by malefactor who was >> succeed in getting shell on user account (for example through >> possible holes in brouser etc.) >> >> In current case a simple script that periodically runs 'sudo command' >> or more complicated script that follows for logs activity >> /var/log/auth and runs on this log activity 'sudo command' can get >> full control on a system where sudo configured by installer. CW> I don't think it's that simple. We tried that in Ubuntu three years ago, CW> and the net effect was that everyone got fed up of being prompted for CW> their password all the time and just ran 'sudo -s' to get a root shell. CW> We concluded that this was not a security win once we'd thought about it CW> in more detail, and reverted it. Please, see attached script. If run this script in the name of user, who is tuned to sudo (installator's tuning) than early or later script will create file ....
Description: Bourne shell script