Re: Could sudo be an security issue?

To: debian-security@lists.debian.org
Subject: Re: Could sudo be an security issue?
From: lemuel typhair <ltyphair@perdido.mine.nu>
Date: Wed, 14 May 2003 18:57:05 -0500
Message-id: <3EC2D7D1.1060100@perdido.mine.nu>
Reply-to: ltyphair@perdido.mine.nu
In-reply-to: <Pine.LNX.4.53.0305150904530.14598@rave.its.vu.edu.au>
References: <Pine.LNX.4.53.0305150904530.14598@rave.its.vu.edu.au>

going back to root means that you do not know who did what. sudo getslogged, so you know who did what. that is way more important securitywise than not running sudo and having 5 people use root wih no logging.the second hing is that if you did wan to limit people to certaincommands you can. with out it you are forced to give them rot, and thatmeans unlimited power.



Stewart James wrote:

Hi all,

My manager just came in asking questions about sudo. We use sudo here as a
replacement for hacing to know root passwords - in general there are
around 5 of us who need root access to the machines we maintain. we
typically have just fallen back to a ALL=ALL for ourselves so we can just
prepend sudo to any command we need executed as root.

Now in his mind this is removing a level of security. If someone manages
to get my password, they also can gain access to root via sudo. IN an
environment where I have 25+ machines, different passwords for all
machines is not that workable.

What are other peoples thoughts on this? Where have I gone wrong in
implementation? What would be your recommendations in this case?

Cheers,

Stewart

Reply to:

Follow-Ups:
- Re: Could sudo be an security issue?
  - From: Halil Demirezen <halild@bilmuh.ege.edu.tr>

References:
- Could sudo be an security issue?
  - From: Stewart James <stewart.james@vu.edu.au>

Prev by Date: Could sudo be an security issue?
Next by Date: Re: Could sudo be an security issue?
Previous by thread: Could sudo be an security issue?
Next by thread: Re: Could sudo be an security issue?
Index(es):
- Date
- Thread