
Re: Security of sudo [was: Re: /usr/bin before /usr/local/bin?]



On Wed, 1 Nov 2000, Damon Muller wrote:

> Without actually knowing your password, which sudo requires, having
> your account *isn't* equivalent to having root.

It's certainly possible to build a "rootkit" style setup which would be
suitable for converting a privileged account into root.

What if I write aliases for 'ls' and other common file utilities to
conceal my existence, and install a trojan 'passwd' or 'sudo' program (or
something along those lines) which (in addition to passing all your
arguments to the real program) also logs and secretly reports your
keystrokes?

Counting on someone with access to your account to not eventually get hold
of your password is almost like counting on a chroot() jail to contain
someone with root access.  It's a nuisance and can slow down an attacker
(or stop an inept one) but really doesn't provide much additional
security against a quality attacker.
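
A defensive check for the trojaned 'sudo'/'passwd' scenario raised in this message, as an added example that is not part of the original post: it reports where sensitive commands resolve on a PATH and flags a first match that sits outside system directories or is writable by the current account. The function names and the TRUSTED_DIRS list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (defensive check): report where security-sensitive commands
# resolve on a given PATH and flag any first match that an unprivileged
# account could have planted or can replace.

# Assumption: directories treated as system-owned; adjust per site.
TRUSTED_DIRS="/usr/sbin:/usr/bin:/sbin:/bin"

# first_match NAME PATHSTRING: print the first executable NAME on PATHSTRING.
first_match() (
    set -f; IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.        # an empty PATH entry means "current dir"
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"; exit 0
        fi
    done
    exit 1
)

# audit_cmd NAME PATHSTRING: print "STATUS NAME PATH"; non-zero if suspicious.
audit_cmd() (
    hit=$(first_match "$1" "$2") || { echo "MISSING $1 -"; exit 0; }
    dir=${hit%/*}
    case ":$TRUSTED_DIRS:" in
        *":$dir:"*) ;;
        *) echo "SHADOWED $1 $hit"; exit 1 ;;
    esac
    if [ -w "$dir" ] || [ -w "$hit" ]; then
        echo "WRITABLE $1 $hit"; exit 1
    fi
    echo "OK $1 $hit"
)

# audit_all PATHSTRING NAME...: audit each name; non-zero if any is flagged.
audit_all() {
    audit_path=$1; shift; audit_rc=0
    for audit_name in "$@"; do
        audit_cmd "$audit_name" "$audit_path" || audit_rc=1
    done
    return $audit_rc
}

# Constructed sample: a scratch directory holding an empty executable named
# "sudo", placed ahead of the system directories on a test PATH.
demo_dir=$(mktemp -d)
: > "$demo_dir/sudo"; chmod +x "$demo_dir/sudo"
audit_all "$demo_dir:/usr/bin:/bin" sudo passwd ls || echo "review flagged entries"
rm -rf "$demo_dir"
```

This only examines PATH resolution; aliases and shell functions have to be inspected from inside the interactive shell itself with the `alias` and `type` builtins.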


