Date: Thu, 25 Mar 1999 17:22:22 -0600 (CST) From: James Wyatt <jwyatt@RWSystems.net> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: "Bruce A. Mah" <bmah@CA.Sandia.GOV>, freebsd-security@FreeBSD.ORG Subject: Re: sudo (was Re: Kerberos vs SSH) Message-ID: <Pine.BSF.4.05.9903251642150.23152-100000@kasie.rwsystems.net> In-Reply-To: <199903252044.MAA02527@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Dillon wrote: > :> We used sudo for a little while 3 years ago, but I decided that it was > :> too big a security risk and wiped it. sudo is one of the stupidest > :> programs I've ever seen. Bruce replied: > :I'd be curious to hear what you think sudo's shortcomings are, and why it > :merits being labeled as one of the stupidest programs you've ever seen? Matthew replied: > Simple: Because the program is designed to poke holes through root and > run specified programs. It's fairly easy to misconfigure it, and there is > no guarentee that the programs it runs are themselves secure. sudo opens > up a whole can of potential security problems. Not the answer I expected. How are these different from giving the user the root password? The programs are run similarly - except that root's path almost never has '.'? It is easy to forget that some programs like 'vi' can do shell work, allowing the user to use *any* program, not just what they have been allowed to use. With a group of admins, I can revoke *any* one of them while keeping them around without 'sharing' new root passwords. It also logs which programs which users run, /bin/su does not - root command history is global. I can annoint a contractor or vendor's account for an emergency and de-annoint later, while still allowing them to view operation. The thing I don't like about it is that it makes programs like linsniffer more effective. It looks at TCP startups of telnet, FTP, pop, etc... and very nicely captures their password. Capturing root passwords from users 'su'-ing requires a *lot* more advanced sniffer or cracker intervention. This easily captured password is sufficient for root access if the user is allowed to do anything that might gain them shell. - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9903251642150.23152-100000>