[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: shared root account

You make a good point, even if one of your examples is flawed:

$ sudo 'cat s >> /etc/sudoers'
sudo: cat s >> /etc/sudoers: command not found

sudo is a very useful tool in the type of situation described in this
thread. Even if you give everyone ALL=(ALL) ALL, it's better than su
or even .ssh/authorized_keys{,2} because of one thing in particular:

It's looooooooog! It's loooooooooog! It's big! It's heavy! It's wood!

Okay, so it's not really big or heavy, nor remotely wood. But it does
give you things like this to peer at later:

Jul  6 17:24:59 gobo sudo:   vineet : TTY=pts/1 ; PWD=/tmp/ucspi-tcp ;
USER=root ; COMMAND=/usr/bin/dpkg -i
Jul  6 17:32:10 gobo sudo:   vineet : TTY=pts/2 ; PWD=/etc/init.d ;
USER=root ; COMMAND=/etc/init.d/qmail restart

Which can be very useful. It's not foolproof by any means, and as you
demonstrate, can usually be trivially reduced to su, but it's better
as a *standard* way of doing things on a system on which multiple people
play root. If you can't trust those people, then you're screwed no
matter what tools you use.


* Ethan Benson (erbenson@alaska.net) [010706 16:27]:
> On Fri, Jul 06, 2001 at 09:43:55AM -0500, Nathan E Norman wrote:
> > 
> > OTOH if you restrict the user to a list of commands in /etc/sudoers,
> > it's wise to consider whether the user might be able to leverage one of
> > those commands to edit /etc/sudoers (or any other file).  If you're
> > going to list "emacs" or "vi" in /etc/sudoers, you might as well just
> > list "ALL" :)
> or even seemingly innocuous things like less or even cat.  
> sudo less anything
> !/bin/sh
> whoami
> r00t!
> echo me ALL=ALL > s
> sudo 'cat s >> /etc/sudoers'
> sudo is a very large cannon which is difficult to keep aimed away from
> the foot...
> -- 
> Ethan Benson
> http://www.alaska.net/~erbenson/

Attachment: pgpPVp_406Pvj.pgp
Description: PGP signature

Reply to: