[NTLUG:Discuss] Virus / Worm problems
Wayne Walker
wwalker at bybent.com
Fri Oct 6 13:22:55 CDT 2006
On Fri, Oct 06, 2006 at 11:08:06AM -0700, schpenke at juicymumpy.net wrote:
> Hello.
>
> I disagree with this statement. SUDO is meant to provide a privileged
> command set to a user base while maintaining accountability and system
> integrity because each SUDO action is associated with a user ID in
> syslog. This in and of itself makes it more secure than functions
> performed by a separate ROOT user because all privileged functions
> executed by ROOT are simply logged as performed by "ROOT".
Logging something does not increase security. Only tracability after
the fact.
Having joeuser's passwd control root access, or worse 20 different users
passwords makes it much more likely that root access can be attained
through finding a weak password for any one of the users who have sudo
access, or by dropping a trojan to one of the users with sudo access.
I LIKE sudo. I use it a lot. But having a newbie, who probably chooses
an unsecure password, have full sudo access makes the root exploitation
easier.
> Also, you are assuming that SUDO is configured to allow all users access
> to all privileged functions. This should never be the case in a
> multi-user system. Your SUDO command set should be weighed and
> assigned according to the least privilege security model just like any
> other function in a secured, multi-user system.
Agreed, but on Ubuntu joeuser automatically has full sudo access.
In a corporate deployment you may change that, but the default is that
the main user of the machine has unrestricted sudo access.
--
Wayne Walker
www.unwiredbuyer.com - when you just can't be by the computer
wwalker at bybent.com Do you use Linux?!
http://www.bybent.com Get Counted! http://counter.li.org/
Perl - http://www.perl.org/ Perl User Groups - http://www.pm.org/
Jabber: wwalker at jabber.gnumber.com AIM: lwwalkerbybent
IRC: wwalker on freenode.net
More information about the Discuss
mailing list