
Re: Could sudo be a security issue?

On Wed, May 14, 2003 at 06:00:16PM -0700, Mark Ferlatte wrote:
> In addition, most administrators' accounts are root equivalent anyway, due to
> group memberships, etc.  For example, you may have a nightly cron that runs as
> root that's editable by the adm group, of which all admins are members.
> Getting root in that case is as simple as putting something in the cron that
> makes a suid shell binary somewhere.

 If they have to do something like that that takes a long time to get root,
you might catch them before they do.  Absolute security is impossible, and
we are so far from it that you have to pay attention to it regularly if you
want any at all.  Thus, anything that slows down an attacker from doing
whatever they are trying to do increases the chance that you will notice,
and reboot or unplug the network cable before they do any real damage.  You
are using logcheck (or similar), right?

> In short: I also think you're using sudo correctly, but you need to be aware
> that all of the admin accounts are probably root equivalent, even without sudo.

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC
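
The exposure described in the quoted text above (a cron job that runs as root but can be edited by a non-root group) can be audited for directly. The following is an added example, not part of the original thread; the function names and the Debian-style paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: report cron files, and the scripts they launch, that an
# account other than OWNER could edit. Function names are hypothetical.

# editable_by_others PATH OWNER
# True when PATH is group-writable, world-writable, or not owned by OWNER.
editable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 -o ! -user "$2" \) \
            -print 2>/dev/null)" ]
}

# audit_root_cron OWNER PATH...
# Walks each cron file or directory and prints one line per finding:
#   EDITABLE <path>                     the cron file or directory itself
#   EDITABLE-TARGET <cmd> (from <file>) a command that a cron entry runs as OWNER
audit_root_cron() {
    owner=$1; shift
    for top in "$@"; do
        [ -e "$top" ] || continue
        find "$top" \( -type f -o -type d \) -print | while IFS= read -r p; do
            if editable_by_others "$p" "$owner"; then
                echo "EDITABLE $p"
            fi
            [ -f "$p" ] || continue
            # System crontab line format: min hour dom mon dow user command
            # Only absolute command paths are followed; other lines are skipped.
            awk -v o="$owner" \
                '!/^[ \t]*#/ && NF >= 7 && $6 == o { print $7 }' "$p" |
            while IFS= read -r cmd; do
                case $cmd in /*) ;; *) continue ;; esac
                if [ -e "$cmd" ] && editable_by_others "$cmd" "$owner"; then
                    echo "EDITABLE-TARGET $cmd (from $p)"
                fi
            done
        done
    done
}

# Typical use on a Debian-style system (paths are assumptions, adjust locally):
#   audit_root_cron root /etc/crontab /etc/cron.d /etc/cron.daily \
#       /etc/cron.weekly /etc/cron.monthly
```

Any line of output means that account is root equivalent in the sense the quoted text describes, so the fix is to tighten ownership and mode on the reported path.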
