Re: Could sudo be an security issue?
On Wednesday 14 May 2003 04:17 pm, Stewart James wrote:
> Hi all,
Hello Stewart,
> My manager just came in asking questions about sudo. We use sudo here as a
> replacement for hacing to know root passwords - in general there are
> around 5 of us who need root access to the machines we maintain. we
> typically have just fallen back to a ALL=ALL for ourselves so we can just
> prepend sudo to any command we need executed as root.
>
> Now in his mind this is removing a level of security. If someone manages
> to get my password, they also can gain access to root via sudo. IN an
> environment where I have 25+ machines, different passwords for all
> machines is not that workable.
>
> What are other peoples thoughts on this? Where have I gone wrong in
> implementation? What would be your recommendations in this case?
Well, as you probably guessed, this is a big can of worms. You are using sudo
the same way I am, and I believe it's proper. Some people might consider
this to be removing a 'layer' of security, sure - it essentially makes it so
any admin's password is just as good as the root password, to an intruder.
Think about a scenario in which this would actually make a difference. If
someone has cracked any admin's password, on a normal /etc/shadow-based
system, why couldn't they also crack root? Sure, perhaps one could be
sniffed, but that would point to another problem involving a lack of
encryption. One might argue that root should have a 'harder to crack'
password, but I would reply that administrators should be equally protected.
So, basically, if you would really trust the integrity of your current system
after some intruder has stolen an administrator password, then yes, using
sudo is probably a bad idea. Just go back to su, which has a seperate set of
risks involving sharing the single root password.
If you (or your manager) really want multi-layered theoretical security, you
should be taking advantage of SE Linux or something similar. (Cue Russell
Coker explaining how well it solves this problem ... :) ) Having a second
password for root might be an 'additional layer of security,' but IMHO it's a
pretty weak one.
- Keegan
Reply to: