Mailinglist Archive: opensuse (671 mails)
| < Previous | Next > |
Re: [opensuse] Risky ssh + sudo behaviour?
- From: Petr Uzel <petr.uzel@xxxxxxx>
- Date: Wed, 1 Jun 2011 09:11:05 +0200
- Message-id: <20110601071105.GB28643@foxbat.suse.cz>
On Tue, May 31, 2011 at 05:42:40PM -0700, John Andersen wrote:
This is the default, but it can be overriden by setting "tty_tickets"
to off in /etc/sudoers. Edwin, you may want to check this.
Petr
--
Petr Uzel
IRC: ptr_uzl @ freenode
On 5/31/2011 3:40 PM, Anders Johansson wrote:
On Wednesday 01 June 2011 00:24:22 Edwin Helbert Aponte Angarita wrote:
I think this is a security issue. An unprivileged user that knows that
the system is maintained remotely using ssh and, perhaps, sudo, could
keep attempting to use sudo until they gets it.
They would first need to log in as the same user the admin was using. sudo
won't do that for all users. It just remembers that you have already
authenticated once, and won't force you to do it again until some time
later.
I think the point Edwin was trying to make was assume you ssh into
a remote machine _that is being used_ by an authorized users, and
you use that person's login and then issue a sudo command.
The regular user sitting at that remote machine can then issue another
sudo without knowing root's login (allegedly).
(If I'm interpreting Edwin's posting correctly.)
I'm don't think this really works, because cashing of sudo credentials
is specific to a login session, not specific to a user id.
This is the default, but it can be overriden by setting "tty_tickets"
to off in /etc/sudoers. Edwin, you may want to check this.
Petr
--
Petr Uzel
IRC: ptr_uzl @ freenode
| < Previous | Next > |