
Re: sudo security Was: Reporting missing package during install



On Wed, Dec 11, 2013 at 8:28 PM, Chris Bannister
<cbannister@slingshot.co.nz> wrote:
> On Tue, Dec 10, 2013 at 11:50:00PM +0100, Gian Uberto Lauri wrote:
>>
>> What makes root special is not the name but the numerical user id and group id, both set to zero. See /etc/passwd.
>
> Don't you have to be logged in to do that?

Sort of.

Holes in browsers can provide the effective login, however.

> The issue was that there would be only one exploitable account, if root
> was disabled by installing sudo.

And not only that, the attacker has to look in both /etc/passwd and
/etc/group. That's two files to open if the javascript or other
plugin-type vulnerability doesn't provide a full shell.

Of course, one could argue that the name of the sudo-enabled admin
group should not be sudo, ...

... and it might be useful to provide decoy fake users that are
members of de-natured wheel, admin, sudo, etc. groups. (Use a little
careful randomness in setting the password field in shadow to make the
passwords for said decoys unguessable, just to raise the wall another
foot or two.)

Pursuing this thought would suggest that the install process "invent"
a random admin group name, but there would remain a few clues behind.

-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.
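
Added example, not part of the original message or of any Debian tool: a defender's audit of the two files discussed above, listing every UID 0 account regardless of its name and every member of the usual admin groups, including accounts that belong to the group only through their primary GID. The function names, the group list and the sample file contents are constructed for the example.

```shell
#!/bin/sh
# Audit sketch; function names and sample data are constructed for this example.

# Names of all accounts whose numeric UID is 0 (field 3 of passwd).
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1" | sort | tr '\n' ' ' | sed 's/ $//'
}

# Members of the named groups, joining both files:
#   supplementary members come from field 4 of the group file,
#   primary members are passwd entries whose GID (field 4) matches.
# usage: admin_members PASSWD_FILE GROUP_FILE "sudo wheel admin"
admin_members() {
    awk -F: -v want="$3" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) is_admin[w[i]] = 1 }
        mode == "group" && ($1 in is_admin) {
            admin_gid[$3] = 1
            m = split($4, u, ",")
            for (i = 1; i <= m; i++) if (u[i] != "") print u[i]
        }
        mode == "passwd" && ($4 in admin_gid) { print $1 }
    ' mode=group "$2" mode=passwd "$1" | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample files (not taken from any real system).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid 0 account:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:27:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
EOF
cat > "$tmp/group" <<'EOF'
root:x:0:
sudo:x:27:alice
users:x:100:carol
EOF

echo "UID 0 accounts:      $(uid0_accounts "$tmp/passwd")"
echo "admin group members: $(admin_members "$tmp/passwd" "$tmp/group" "sudo wheel admin")"
```

On a live system the functions take /etc/passwd and /etc/group as arguments; accounts and groups served through other NSS sources such as LDAP do not appear in those files.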

