[NCLUG] Re: Who uses SUDO on production machines?
Sean Reifschneider
jafo at tummy.com
Mon Mar 19 00:39:37 MDT 2007
On Sun, Mar 18, 2007 at 09:36:42PM -0600, John L. Bass wrote:
>The problem is that when you retract a sudo password, you are also never
>sure that the user didn't install a backdoor. You grant sudo access to users
Of course, that goes without saying... That's why I didn't say it. :-)
Any time you give someone enhanced access, they could use that both now and
in the future.
Of course, you could also be logging the sudo commands to a remote machine
which is secured against the untrusted trusted users, and in that way you
should be able to detect things that would be the start of a compromise.
You'd need to run some things in restricted mode so users can't jump out of
vim to run unlogged commands, or at least a shell that acts as a wrapper
and logs similarly.
>As an engineering solution, sudo is a hack at best, when compared to removing
Sudo, of course, predates most nifty security enhancements.
>Depending on the sudo variant, there is also the problem that it "caches"
>passwords for a fixed time, opening a window where a priv'd user can walk
>away from his console, and have the machine effectively logged in root since
>sudo will accept additional commands without a password till it times out.
Yep. That's why I have my laptop set up to lock the screen and do
2-factor authentication and drop my SSH keys when I close the lid. I'm in
the habit that if I walk away from the machine I close the lid.
Sean
--
"Sometimes Omaha can't be avoided."
-- Howard Borden the navigator, _Bob_Newhart_
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability
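A defender-side illustration of the remote-logging idea in the message above, added here as an example rather than code from the thread: it parses sudo's syslog-format lines as a remote log host would receive them, flags failed authentication attempts, and flags invocations of programs that can hand the user an interactive shell, which is exactly where the "jump out of vim to run unlogged commands" gap would hide. The sample log lines and the ESCAPE_CAPABLE watchlist are constructed assumptions, not data from the post.

```python
import re

# Constructed sample lines in sudo's default syslog format (not from the thread).
SAMPLE_LOG = """\
Mar 19 00:39:37 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart httpd
Mar 19 00:41:02 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vim /etc/httpd/conf/httpd.conf
Mar 19 00:42:15 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar 19 00:43:00 web1 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/tail /var/log/secure
"""

# Matches both a normal entry and one prefixed with a failure message
# ("3 incorrect password attempts ; ...") before the TTY= field.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?:(?P<fail>[^;]+?) ; )?TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Assumed watchlist: programs from which a user can reach a shell, so commands
# run inside them never produce their own per-command sudo log entry.
ESCAPE_CAPABLE = {"bash", "sh", "zsh", "vim", "vi", "less", "more"}


def parse_sudo_line(line):
    """Return a dict of fields for one sudo log line, or None if it is not one."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["failed"] = rec["fail"] is not None
    # Basename of the first word of COMMAND, e.g. "/usr/bin/vim foo" -> "vim".
    rec["program"] = rec["cmd"].split()[0].rsplit("/", 1)[-1]
    return rec


def audit(log_text):
    """Return (user, finding, command) tuples worth a second look on the log host."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_sudo_line(line)
        if rec is None:
            continue
        if rec["failed"]:
            findings.append((rec["user"], "auth-failure", rec["cmd"]))
        if rec["program"] in ESCAPE_CAPABLE:
            findings.append((rec["user"], "shell-escape-capable", rec["cmd"]))
    return findings
```

Run over a real remote syslog feed, the "shell-escape-capable" findings are the sessions where only a restricted editor or a logging wrapper shell, as the message suggests, would have preserved the per-command audit trail.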