[NTLUG:Discuss] Ubuntu's use of sudo
Greg Edwards
greg at nas-inet.com
Sun Jul 16 18:19:08 CDT 2006
Terry Henderson wrote:
> interested me most was, "The sudo approach reduces the likelihood of
> a root shell being left open indefinitely, and encourages the user to
> minimize their use of root privileges." The part that interested me
> most was the part about leaving a root shell open indefinitely. Is
> that really a vulnerability issue? If so, how so? Can anyone explain
> that?
Basically the short simple answer,
A sudo shell really has a parent that is the shell that the user started
it from. The *nix OSs terminate the children of the parent shell when it
terminates. When the user logs off, their login shell gets terminated,
and therefore, the parent of the sudo session terminates its children.
A root shell is, by default, a child of init, which is the parent for the
entire running system. Since root is never, technically, logged off,
root's children are not terminated. They can get inherited by init itself.
Remember I said the short "simple" answer ;) If you want the long-winded
detailed answer, be prepared to read lots of stuff.
IHTH
--
Greg Edwards
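
Added example, not part of the original message: a Python sketch that lists root-owned shells and the parent chain each one hangs from, which is the relationship the reply above describes. It assumes a Linux /proc; the SAMPLE table, the SHELLS name set and all function names are constructed for illustration.

```python
import os

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}  # assumed set of shell names

def parse_stat(text):
    """Parse /proc/<pid>/stat into (pid, comm, ppid); comm may contain ')' or spaces."""
    pid, rest = text.split(" (", 1)
    comm, tail = rest.rsplit(") ", 1)          # last ') ' closes the comm field
    return int(pid), comm, int(tail.split()[1])  # tail is: state ppid ...

def ancestry(pid, table):
    """Follow parent links from pid upward; table maps pid -> (comm, ppid, uid)."""
    chain, seen = [], set()
    while pid in table and pid not in seen:
        seen.add(pid)
        chain.append((pid, table[pid][0]))
        pid = table[pid][1]
    return chain

def root_shells(table):
    """Return (pid, chain, under_user) for each root-owned shell in the table."""
    out = []
    for pid, (comm, _ppid, uid) in sorted(table.items()):
        if uid == 0 and comm in SHELLS:
            chain = ancestry(pid, table)
            # True when some ancestor runs as a non-root user (e.g. a login shell)
            under_user = any(table[p][2] != 0 for p, _ in chain[1:])
            out.append((pid, chain, under_user))
    return out

def live_table():
    """Build the table from /proc; the owner of /proc/<pid> is normally the process's effective UID."""
    table = {}
    for d in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{d}/stat") as f:
                pid, comm, ppid = parse_stat(f.read())
            table[pid] = (comm, ppid, os.stat(f"/proc/{d}").st_uid)
        except (OSError, ValueError):   # process exited while being read
            continue
    return table

# Constructed sample: a root shell under a user's login shell, and one directly under PID 1
SAMPLE = {1: ("init", 0, 0), 900: ("sshd", 1, 0),
          1200: ("bash", 900, 1000), 1300: ("sudo", 1200, 0),
          1301: ("bash", 1300, 0), 2000: ("bash", 1, 0)}

if __name__ == "__main__":
    for pid, chain, under_user in root_shells(live_table()):
        print(" <- ".join(f"{c}({p})" for p, c in chain),
              "| user ancestor" if under_user else "| no user ancestor")
```

Run as root to see every process; a root shell reported with no user ancestor is the kind worth checking for having been left open.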