
Re: Reporting missing package during install



Andrei POPESCU writes:
 > On Lu, 09 dec 13, 18:13:07, Gian Uberto Lauri wrote:
 > > Andrei POPESCU writes:
 > >  > On Lu, 09 dec 13, 10:56:22, Gian Uberto Lauri wrote:
 > >  > > 
 > >  > > sudo makes it a bit worse. Any user account opens the door to the root
 > >  > > account. Therefore you have to guard a larger perimeter.
 > >  >  
 > >  > Could you please elaborate on this? In Debian's default configuration 
 > >  > this is simply not true.
 > > 
 > > In Debian default configuration you have 2 critical accounts instead
 > > of one.
 >  
 > You said 'any', but anyway...

Indeed. 'Any' was wrong, my error.

But overlooking the criticality of even ONE account may be too much.

 > > Think about this scenario: someone devises a clever way to slip a
 > > Trojan in a user account. 
 > 
 > Ok.
 > 
 > > Most people are at least slightly less security-paranoid when
 > > using their own account than they are with the root one. 
 > > 
 > > The Trojan could exploit sudo to gain access to the root account by
 > > exploiting this lack of attention. Therefore you have to be paranoid
 > > with TWO accounts. Or use a non sudo-capable account for ordinary work
 > > and a sudo-capable one for administrative tasks. 
 >  
 > How difficult do you think it is to write a small program to present you 
 > a su-like password prompt? 

This is ludicrously easy. Writing it to be really stealthy is not so easy.

But I was not thinking about "pretending to be some other code" or
"store somewhere your input". I was thinking about hijacking the
stdin/stdout (not a tee) to inject malicious commands.

 > Drop that somewhere in your path (let's 
 > assume ~/bin, since only the user account is compromised).

You assume that ~/bin comes first. If it is not true... 

 > The point I'm trying to make is that the root account is as vulnerable 
 > as the user account used to getting root. The additional password 
 > doesn't add any significant security. It's probably safer to disable 
 > root's password and use a really strong password for the user.

You are right on all but one point: as I said before, everybody is
aware of the importance of root. On the other hand most people think
"they will at most hit my user account". And they neglect that their
user account may be the perfect beachhead to access root.

 > > I am not logging on with X running! I ALWAYS start X from the shell,
 > > that's after all the times I have seen X11 crashing immediately under xdm...
 >  
 > Still, there is much more code running as root that isn't supposed to 
 > (window manager, session manager, etc.)

On my machine, the only X-related program running as 0:0 is X.

 > developers moved so much of the video driver code to kernel modules? One 
 > of the benefits will be the ability to run X with less privileges. Now 
 > it's still running as root :(

Some parts of the drivers can be moved to the kernel, and handling the
hardware is the kernel's job.

On the other hand X is at least 20 years old and since then people have
been aware of the problem.

I think that far fewer people are aware of the possible problems with
sudo. Personally I will reconfigure it...

-- 
 /\           ___                                    Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_____               African word
  //--\| | \|  |   Integralista GNUslamico            meaning "I can
\/                 coltivatore diretto di software       not install
     già sistemista a tempo (altrui) perso...                Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO
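
The PATH-ordering point raised in the message above (whether `~/bin` is searched before the directory that provides `su` or `sudo`) can be checked directly. The following is an added example, not part of the original post; the function name `path_shadow_audit` and its output labels are assumptions made for illustration.

```shell
# Added example (not from the thread). Usage: path_shadow_audit CMD PATH USER
#   e.g. path_shadow_audit sudo "$PATH" "$(id -u)"
# Prints one line per directory USER could write to that is searched before,
# or already provides, CMD. Exit status: 0 clean, 1 risk found, 2 CMD not found.
# Simplification: only owner and world write bits are checked (no groups/ACLs).
path_shadow_audit() (
    cmd=$1
    user=$3
    p=$2:                      # trailing ':' keeps an empty last entry visible
    status=0
    IFS=:
    set -f                     # no globbing while splitting PATH
    for dir in $p; do
        [ -n "$dir" ] || dir=. # an empty PATH entry means the current directory
        [ -d "$dir" ] || continue
        # Directory is owned by USER with the owner write bit, or world-writable.
        writable=$(find "$dir" -prune \
            \( -user "$user" -perm -200 -o -perm -002 \) -print 2>/dev/null)
        if [ -n "$writable" ]; then
            status=1
            if [ -x "$dir/$cmd" ]; then
                echo "SHADOWED $dir/$cmd"
            else
                echo "SHADOWABLE $dir"
            fi
        fi
        # The first executable match is what the shell would run; stop there.
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            exit "$status"
        fi
    done
    exit 2
)
```

A `SHADOWABLE` line means a file named like the privileged command could be placed in that directory and would be found first; `SHADOWED` means such a file already exists there and deserves inspection.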

