
Re: sudo security Was: Reporting missing package during install



On 12/12/13 08:20, Gian Uberto Lauri wrote:
Iain M Conochie writes:
  > On 11/12/13 08:01, Gian Uberto Lauri wrote:
  > >   > Encrypt your hard disk.
  > >
  > > Hoping that the encryption you use has no backdoor.
  > You do understand what the peer review process is right?

I got it about 20 years ago. Is it enough?
Maybe - just maybe ;)

  > Although not a
  > magic bullet, it can help weed this out.
You say it. It is not bullet proof. The bullet has already pierced the
target once. Therefore it may happen again.
May - but not assured.
<snip>

But I still think that

     "That once one has his hands on the hardware there is no
      user/prom/bios password stopping his intrusion."
means that no password at all will stop an intruder that can
physically reach a machine.

Then I guess I should have stated passphrase for your encryption, not password for access to the machine.

<snip>

I think that the security problems that sudo could pose with the
default configuration could really be "useful" in a situation where
you need a large number of bots. What could trigger this? A large user
base with a majority of non-tech aware users.

Wait - so by default you mean having a NOPASSWD entry or have an entry that allows certain users to enter a password when using sudo and then having a time where they do not need to? - The reason I ask is that I have never seen a NOPASSWD entry by default.

The 2nd one is probably the best trade off between security and usability.

On any multiuser system, the access to root account should be limited. This is the whole point of sudo. On a home machine I guess you can argue you do not really need it. Surely it is more secure to give users limited root access that you control and is logged rather than everyone having the root password?

Cheers

Iain
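
The two sudoers arrangements contrasted in the message above (a NOPASSWD entry versus a password prompt followed by a window in which no password is asked for) can be told apart mechanically. The following is an added example, not part of the original post: a small Python check over constructed sudoers text. The sample rules, user names and finding labels are assumptions, and the check does not follow #include directives.

```python
import re

# Constructed sample sudoers text for the demonstration; not from the thread.
SAMPLE = r"""
# constructed example
Defaults env_reset
Defaults timestamp_timeout=-1
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \
        /bin/tar
deploy  ALL=(ALL) NOPASSWD: ALL
"""

def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line, buf = (buf + line).strip(), ""
        if line and not line.startswith("#"):
            yield line

def audit(text):
    """Return (kind, subject) findings for settings that skip the password."""
    findings = []
    for line in logical_lines(text):
        if line.startswith("Defaults"):
            # A negative timestamp_timeout keeps the cached credential
            # valid until reboot; 0 would prompt on every invocation.
            m = re.search(r"timestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)", line)
            if m and float(m.group(1)) < 0:
                findings.append(("cached-credential-never-expires", m.group(0)))
        elif "NOPASSWD:" in line:
            who = line.split()[0]
            cmds = [c.strip() for c in line.split("NOPASSWD:", 1)[1].split(",")]
            # NOPASSWD on ALL is unrestricted root without a prompt;
            # NOPASSWD on a fixed command list is the limited form.
            kind = "nopasswd-all" if "ALL" in cmds else "nopasswd-limited"
            findings.append((kind, who))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Rules that carry no NOPASSWD tag, such as the root and %sudo lines in the sample, produce no finding: they are the password-plus-timeout case.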

