[NTLUG:Discuss] Virus / Worm problems

schpenke at juicymumpy.net schpenke at juicymumpy.net
Fri Oct 6 13:08:06 CDT 2006 

Hello.

I disagree with this statement.  SUDO is meant to provide a privileged
command set to a user base while maintaining accountability and system
integrity because each SUDO action is associated with a user ID in
syslog.  This in and of itself makes it more secure than functions
performed by a separate ROOT user because all privileged functions
executed by ROOT are simply logged as performed by "ROOT".

Also, you are assuming that SUDO is configured to allow all users access
to all privileged functions.  This should never be the case in a
multi-user system.  Your SUDO command set should be weighed and
assigned according to the least privilege security model just like any
other function in a secured, multi-user system.

-S

> -------- Original Message --------
> Subject: Re: [NTLUG:Discuss] Virus / Worm problems
> From: Wayne Walker <wwalker at bybent.com>
> Date: Fri, October 06, 2006 10:19 am
> To: Eric Waguespack <ewaguespack at gmail.com>
> Cc: NTLUG Discussion List <discuss at ntlug.org>
>
> Oops.  I was thinking of Knoppix.  They use sudo and do not require a
> password.  That essentially means any machine booted in Knoppix, if
> exploited at the user level is instantly a root exploit.
>
> Ubuntu at least requires a password.
>
> BUT.  sudo is still less secure than a separate root user.  With
> sudo, the inexperienced user's password (probably easy to guess, easier
> to grab with a trojan script) is all that protects the castle.
>
> On Fri, Oct 06, 2006 at 10:05:02AM -0500, Eric Waguespack wrote:
> > sorry... your going to have to help me with this.
> >
> > You are saying that the use of sudo is less secure than using root?
> > Either I misunderstood you or I need to go back to Unix 101.
> >
> > Please enlighten me.
> >
> >
> > On 10/6/06, Wayne Walker <wwalker at bybent.com> wrote:
> > >On Fri, Oct 06, 2006 at 09:33:25AM -0500, Terry Henderson wrote:
> > >> Ubuntu uses sudo for everything and has no root user account, (it is
> > >> dissabled by default).
> > >> BUT, it can easily be enabled;
> > >>
> > >>    sudo passwd root
> > >> and then dissabled again:
> > >>    sudo passwd -1 root
> > >>
> > >> Does this make Ubuntu more or less secure?
> > >MUCH less secure.
> > >
> > >--
> > >
> > >Wayne Walker
> > >
> > >www.unwiredbuyer.com - when you just can't be by the computer
> > >
> > >wwalker at bybent.com                    Do you use Linux?!
> > >http://www.bybent.com                 Get Counted!  http://counter.li.org/
> > >Perl - http://www.perl.org/           Perl User Groups - http://www.pm.org/
> > >Jabber:  wwalker at jabber.gnumber.com   AIM:     lwwalkerbybent
> > >IRC:     wwalker on freenode.net
> > >
> > >_______________________________________________
> > >http://www.ntlug.org/mailman/listinfo/discuss
> > >
>
> --
>
> Wayne Walker
>
> www.unwiredbuyer.com - when you just can't be by the computer
>
> wwalker at bybent.com                    Do you use Linux?!
> http://www.bybent.com                 Get Counted!  http://counter.li.org/
> Perl - http://www.perl.org/           Perl User Groups - http://www.pm.org/
> Jabber:  wwalker at jabber.gnumber.com   AIM:     lwwalkerbybent
> IRC:     wwalker on freenode.net
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list