
Re: Reporting missing package during install



Tom H writes:

 > In the corporate environments where I work, we are about 70 sysadmins
 > in my location and about half as much in another. We all sudo to root
 > on our more or less 11,000 systems. So by your reckoning we have 100
 > critical accounts but that's not how our internal and external
 > security auditors see it.

If I understand it correctly, these sysadmins are trained users who
(hopefully) understand what you should or should not do. I think that
"we all sudo" means "we the sysadmins".

The situation "one machine, one sudoer, no root" is like having
"one machine, one user, su, root cannot log in from the net". Slightly
less secure, but it should be really hard to insert some hijacker that
exploits the credentials cache, since the persons are properly trained.

 > Most of the people who have no idea that they have a critical are like
 > my parents, who have Unity installed on their laptops. When they're
 > prompted to update their systems, they do so and type in their
 > passwords when asked to, just like a Windows or OS X user. Not
 > everyone messes around with his/her configuration, uses terminals, or
 > whatever.

Are you sure that nobody will be able to hijack that use of sudo, even
from the graphic versions?

My opinion is that exploiting vulnerabilities like that will be
profitable for the "dark side users" when the number of users like
your parents reaches a "critical number" (like in critical
mass).

BTW, Mac OS X users use a graphic form of sudo, I think w/o cache.

That will be the time that we will start to use antivirus programs on
GNU/Linux, as is common on Windows.

 > >>> Furthermore the sudo habit of keeping valid an authentication for a
 > >>> certain amount of time seems like an open door for malicious code
 > >>> injection.
 > >>
 > >> You can use the "timestamp_timeout" option to set this to zero.
 > >
 > > This should be the default, but is not.
 > 
 > I agree. But I suspect that, as someone else has pointed out, it would
 > annoy many people to have to type their password for every
 > sudo-prepended command.

If you can use any program with sudo, just sudo bash for prolonged
administrative tasks. And close the shell when finished.

Nevertheless, there is a place where sudo cache is handy. If you write
a script for some common users, it's better to use sudo for the
sensible command only rather than for the whole script.

In this case the optimum would be to tell sudo "starting from now,
cache the credentials for a very short time - some seconds - and stop
caching when the time expires" the first time you "engage" sudo, and then
kill the caching before leaving the script: some sort of begin
transaction/commit.

Currently you can have only the very short cache time always.

-- 
 /\           ___                                    Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_____               African word
  //--\| | \|  |   Integralista GNUslamico            meaning "I can
\/                 coltivatore diretto di software       not install
     già sistemista a tempo (altrui) perso...                Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO
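
The "begin transaction/commit" idea in the message above can be approximated with sudo's own `-k`, `-v` and `-n` options; this is an added example, not code from the post or the thread. The function names and the `SUDO` override variable are hypothetical, and it assumes sudoers keeps a short, non-zero `timestamp_timeout` so the cache survives between steps.

```shell
#!/bin/sh
# Added example: confine sudo's credential cache to one privileged section.
# SUDO is a hypothetical override hook (lets the logic be tested with a stub).
SUDO="${SUDO:-sudo}"

# "Begin": forget any credential cached before this script, then
# authenticate once so the cache window starts here.
sudo_begin() {
    "$SUDO" -k || return 1
    "$SUDO" -v || return 1
}

# "Commit": invalidate the cached credential immediately.
sudo_end() {
    "$SUDO" -k
}

# Run one privileged command. -n makes sudo fail instead of prompting
# again if the cache has already expired.
priv() {
    "$SUDO" -n -- "$@"
}

# with_sudo_window CMD [ARGS...]
# Runs CMD (a function or command that calls priv for its sensitive steps)
# between sudo_begin and sudo_end. The cache is dropped even when CMD fails
# or the script is interrupted.
with_sudo_window() {
    sudo_begin || return 1
    trap 'sudo_end; exit 130' INT TERM HUP
    _win_rc=0
    "$@" || _win_rc=$?
    sudo_end
    trap - INT TERM HUP
    return "$_win_rc"
}
```

A script would define its own function that calls `priv` for each sensitive command and pass that function name to `with_sudo_window`; everything else in the script runs unprivileged.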

