[NTLUG:Discuss] Ubuntu's use of sudo

Wayne Walker wwalker at bybent.com
Mon Jul 17 00:16:13 CDT 2006 

I suspect they are referring to someone who logs in as root and runs
that way all the time (whether the whole GUI is root, or just one
long-lived rootterminal.

1. If you walk away, there is a root terminal anyone can use in your
absence.

2. If you are always logged in as root, things like this can be
devastating:

You meant to type :

\rm -rf /*.test

You typed 

\rm -rf /* test

Or you are in your home dir in a terminal and you decided to remove some
files, someone walks up and talks to you.  You do stuff as root.  Then
you run "rm -rf *" taking up where you left off when you were
interrupted. Too bad you were still in that root shell at /.

These aren't fabricated what if's I've seen / done them.

if you use sudo all the time, you are more careful about what you run
via sudo.  And if you run sudo all the time, people can't just walk up
and be root when you run to the bathroom or to grab a coke.

On Sun, Jul 16, 2006 at 02:33:27PM -0500, Terry Henderson wrote:
> Was just doing a bit of research on the difference in philosophy we
> see with Ubuntu and was reading sections "Benefits of using sudo" and
> following sections "Downsides of using sudo" and  "Misconceptions" at
> https://help.ubuntu.com/community/RootSudo and the sentence that
> interested  me most was, "The sudo approach reduces the likelihood of
> a root shell being left open indefinitely, and encourages the user to
> minimize their use of root privileges."  The part that interested me
> most was the part about leaving a root shell open indefinitely.  Is
> that really a vulnerability issue?  If so, how so?  Can anyone explain
> that?
> -- 
> Registered Linux User 188099
>                   <><
> 
> _______________________________________________
> http://ntlug.pmichaud.com/mailman/listinfo/discuss

-- 

Wayne Walker

www.unwiredbuyer.com - when you just can't be by the computer

wwalker at bybent.com                    Do you use Linux?!
http://www.bybent.com                 Get Counted!  http://counter.li.org/
Perl - http://www.perl.org/           Perl User Groups - http://www.pm.org/
Jabber:  wwalker at jabber.gnumber.com   AIM:     lwwalkerbybent
IRC:     wwalker on freenode.net

More information about the Discuss mailing list