
Re: Reporting missing package during install



Andrei POPESCU writes:
 > On Lu, 09 dec 13, 10:56:22, Gian Uberto Lauri wrote:
 > > 
 > > sudo makes it a bit worse. Any user account opens the door to the root
 > > account. Therefore you have to guard a larger perimeter.
 >  
 > Could you please elaborate on this? In Debian's default configuration 
 > this is simply not true.

In Debian default configuration you have 2 critical accounts instead
of one.

Think about this scenario: someone devises a clever way to slip a
Trojan in a user account. 

Most people are at least slightly less security-paranoid when
using their own account than they are with the root one.

The Trojan could exploit sudo to gain access to the root account by
exploiting this lack of attention. Therefore you have to be paranoid
with TWO accounts. Or use a non sudo-capable account for ordinary work
and a sudo-capable one for administrative tasks.

And we are back with two accounts, but with 3 homes :)

 > >  > > Furthermore the sudo habit of keeping valid an authentication for a
 > >  > > certain amount of time seems like an open door for malicious code
 > >  > > injection.
 > >  > 
 > >  > 1. this can be turned off
 > > 
 > > It should be by default, or the configuration should be more flexible and
 > > interactive.
 > > 
 > > Even rewriting the configuration-file-handling-code in sudo could be a
 > > good idea :>.
 > 
 > Huh?

sudo configuration is a bit clunky, not plain and intuitive.

 > You are of course 
 > aware that you can configure sudo to only allow specific commands, 
 > right?
 
And this is what sudo is for: grant the minimum required power.

Default configuration should be: sudo grants nothing to nobody, the
sysadmin should add what is required.

This (ab)use of sudo makes good practices less evident.

 > > I have to do X commands as root? I su root, do the X command and close
 > > the session.

Sorry for the poor wording, I am all but an English native speaker.
I meant the "root shell started with su" when I wrote "session".

I understand that "session" is very easily misunderstood as "X11
session", my wording error.

 > > 
 > > With the off-the-shelf configuration, the simplest thing to do is sudo
 > > bash.
 > 
 > Sorry, but I can't see the connection between those two. 

Tell me what changes between 'su -' and 'sudo bash'. Despite the
password you must type.

 > Besides, 
 > logging in as root under X is a big no-no, there are much safer ways to 
 > run X programs as root (though I don't remember the last time I needed 
 > to do this).

I am not logging on with X running! I ALWAYS start X from the shell,
that's after all the times I have seen X11 crashing immediately under xdm...

The bug that allowed anybody to peek at your keyboard should have been
gone for a long time, nevertheless there are options to prevent
this when you initially enter the root password in a terminal.

Doing su or sudo in a terminal is equally risky.

 > > Mine talk about a group with a sysadmin where having "all this
 > > freedom" to sudo led to a waste and misallocation of resources that
 > > took some *months* to fix.
 > > 
 > > Yes, policies should have prevented this, but this use of sudo leads
 > > users to feel less "the danger" that lies beneath using administrative
 > > privileges in a system. It's a psychological barrier that you should
 > > not underestimate.
 > 
 > The default configuration doesn't grant privileges to anyone. The 
 > sysadmin is responsible for granting additional privileges only to 
 > properly trained/responsible/etc. persons.

True. It was a case of people doing cut'n'paste of the line, sudo
standard configuration is not to blame.

-- 
 /\           ___                                    Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_____               African word
  //--\| | \|  |   Integralista GNUslamico            meaning "I can
\/                 coltivatore diretto di software       not install
     già sistemista a tempo (altrui) perso...                Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO
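
Added example, not part of the original message: a small audit of sudoers text for the three things argued about in this thread (cached authentication, grants of every command instead of specific ones, and a copy-pasted broad line). The sample policy, the account names and the function names are constructed for illustration; the parser covers only plain user specifications and `Defaults` lines.

```python
import re

# Constructed sample policy, not taken from any real system.
SAMPLE_SUDOERS = """\
Defaults env_reset
# copy-pasted broad grant: every command, as any user
%staff  ALL=(ALL:ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
deploy  ALL=(root) /usr/bin/systemctl restart myapp, \\
        /usr/bin/systemctl status myapp
"""

def logical_lines(text):
    """Join backslash continuations, drop blank and '#' lines.
    (Simplification: '#include' directives are skipped too.)"""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def audit(text):
    """Return (subject, finding) pairs for risky sudoers settings."""
    findings, timeout = [], None
    for line in logical_lines(text):
        if line.startswith("Defaults"):
            m = re.search(r"timestamp_timeout\s*=\s*(-?[\d.]+)", line)
            if m:
                timeout = float(m.group(1))
            continue
        if re.match(r"\w+_Alias\b", line) or "=" not in line:
            continue  # alias definitions are out of scope here
        who, spec = line.split(None, 1)
        cmds = spec.split("=", 1)[1]
        cmds = re.sub(r"^\s*\([^)]*\)", "", cmds)  # drop the (runas) part
        if "NOPASSWD:" in cmds:
            findings.append((who, "NOPASSWD"))
        # Strip tags such as NOPASSWD: before comparing command names.
        names = [re.sub(r"^\s*(\w+:\s*)*", "", c).strip() for c in cmds.split(",")]
        if "ALL" in names:
            findings.append((who, "unrestricted commands"))
    # Without timestamp_timeout=0, sudo reuses a recent authentication.
    if timeout is None or timeout != 0:
        findings.append(("Defaults", "credential caching enabled"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_SUDOERS):
        print(f"{subject}: {finding}")
```
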

