
Re: sudo security Was: Reporting missing package during install



On 12/12/13 11:43, Gian Uberto Lauri wrote:
Iain M Conochie writes:

  > > I got it about 20 years ago. Is it enough?
  > Maybe - just maybe ;)

Indeed, never be sure! :)

  > > You say it. It is not bullet proof. The bullet has already pierced the
  > > target once. Therefore it may happen again.
  > May - but not assured.

Indeed. You usually prepare for bad things hoping they'll never
arrive.
Exactly! Kinda like house fire insurance (or any kind of insurance for that matter I guess)

  > Then I guess I should have stated passphrase for your encryption, not
  > password for access to the machine.

A good passphrase for the encryption will slow down (even halt if you
are lucky) an attacker that has complete control of your machine,
while no password will protect a computer that is physically in the
hands of the enemy.

Is that a statement we can agree on? BTW, it's my point of view.
Yes - especially if you say no password will completely protect a computer.

  > > I think that the security problems that sudo could pose with the
  > > default configuration could really be "useful" in a situation where
  > > you need a large number of bots. What could trigger this? A large user
  > > base with a majority of non-tech aware users.
  >
  > Wait - so by default you mean having a NOPASSWD entry or have an entry
  > that allows certain users to enter a password when using sudo and then
  > having a time where they do not need to? - The reason I ask is that I
  > have never seen a NOPASSWD entry by default.
No, having one user with ALL=(ALL) ALL by default AND having
credential caching.

The problem is not strictly technical. There is no technical difference in
guarding an account with id 0:0 that you can access by direct logon or
having root unreachable by logon and one user that can become root via
su or sudo.

The problem is in the usage of the account, it's a psychological one:
your everyday account is your everyday account, and using it with
strict security - as appropriate for an administrative account - could
be what someone labels "a PITA". And this relaxed behaviour may lead
to security breaches.

Credential cache hijacking in sudo is one of the paths an attacker may
use: the change of the timestamp was a trivial one to find and has
been fixed; I fear that subtler attacks may be possible.

And in these cases it is not that sudo is misbehaving. My opinion is that
the poor program has been abused.

Yup - I agree with all of this.

Cheers

Iain
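
The configuration named in the thread (an everyday account holding ALL=(ALL) ALL together with credential caching) can be checked for mechanically. The following is an added example, not part of the original message: a simplified Python audit over constructed sudoers text that ignores include files, aliases and per-user Defaults, and assumes upstream sudo's documented 5-minute default for timestamp_timeout.

```python
import re

# Constructed sudoers text for illustration (not from a real system).
SAMPLE_DEFAULT = """\
Defaults env_reset
root   ALL=(ALL:ALL) ALL
%sudo  ALL=(ALL:ALL) ALL   # group of everyday accounts
alice  ALL=(ALL) ALL
bob    ALL=(root) /usr/bin/systemctl restart nginx
"""
# Same policy, but sudo asks for the password on every invocation.
SAMPLE_NO_CACHE = SAMPLE_DEFAULT + "Defaults timestamp_timeout=0\n"

# "<who> ALL=(ALL) ALL" or "<who> ALL=(ALL:ALL) ALL", password still required.
FULL_GRANT = re.compile(
    r"^(\S+)\s+ALL\s*=\s*\(\s*ALL\s*(?::\s*ALL\s*)?\)\s*(?:PASSWD:\s*)?ALL$")
# Global "Defaults ... timestamp_timeout=N" (N in minutes, may be fractional).
TIMEOUT = re.compile(
    r"^Defaults\s+(?:.*?[\s,])?timestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)")

def audit(text, compiled_default=5.0):
    """Report unrestricted grants and whether their credentials are cached.

    compiled_default is an assumption: 5 minutes is upstream sudo's
    documented default; a distribution may build sudo with another value.
    """
    principals, timeout = [], compiled_default
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        grant = FULL_GRANT.match(line)
        if grant and grant.group(1) != "root":
            principals.append(grant.group(1))
        setting = TIMEOUT.match(line)
        if setting:
            timeout = float(setting.group(1))  # last setting wins
    return {
        "full_grants": principals,
        "timeout_minutes": timeout,
        # 0 = always prompt; > 0 = cached that long; < 0 = kept until reboot
        "cached": bool(principals) and timeout != 0,
    }

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("no cache", SAMPLE_NO_CACHE)):
        print(name, audit(text))
```

On a real system, `sudo -l` as the user and `sudo -V` as root show the effective policy and the compiled-in timeout, which this sketch does not read.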

