[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Reporting missing package during install

On Mon, Dec 9, 2013 at 8:09 AM, Gian Uberto Lauri <saint@eng.it> wrote:
> Lisi Reisz writes:
>> On Saturday 07 December 2013 21:36:30 Bob Proulx wrote:


>>> If you look back in the mailing list archives you will find a
>>> recent discussion where there were some people who didn't like
>>> sudo. I was shocked by that because I always thought that most
>>> people liked it.
>>
>> Yes, I don't like it and always want a root password. As you say,
>> this is and has been contentious.

Having a password for root and having sudo installed and set up isn't
an either/or proposition.


> sudo has been introduced to give limited root power to a limited set
> of users, something in between using the root password (only the
> admins) and the setuid bit (all those that could run a program).

sudo isn't simply to switch to root and sudo isn't simply to switch to
another user. We have 6 or 7 more developers than sysadmins and the
developers have thousands of sudo rules with only some with access to
root (only to install their packages and only in certain teams).

I've never seen it done but you can also change the default runas user
for sudo for it not to be root, using the "runas_default" option.


> If some users needed to have the root power for a small set of
> operation, then sudo would give them that extact power, no more no
> less.
>
> What are the benefits of The "Macintosh/Ubuntu" use of sudo? Improved
> security? Are you kidding? Whatever the user I compromise I have root
> access, just type "sudo bash".

You seem to assume that everyone has "ALL" as the executable that can
be run via sudo. In OS X and Ubuntu (and in Fedora if you don't don't
opt-in in anaconda to set a root password) the first user is
considered an "administrator" and is set up to have access to sudo.
For any further user, the default is for him/her not to be an
administrator.


> Furthermore the sudo habit of keeping valid an authentication for a
> certain amount of time seems like an open door for malicious code
> injection.

You can use the "timestamp_timeout" option to set this to zero.

Is your malicious code injection scenario that a person or a program
is watching for you to use sudo so as to abuse this timeout? I'd say
that you have a bigger problem if a cracker already has that full an
access to your system.


> And if this not enough, sudo may become disruptive on machines with
> several users, unless all of them have the required skills (included
> the one of stopping and asking advice!) and common administration
> policies are accepted by all.

What's the difference between giving some of those users access to
root and giving those same ones sudo access to root?
Reply to: