Mailinglist Archive: opensuse (671 mails)
| < Previous | Next > |
Re: [opensuse] Risky ssh + sudo behaviour?
- From: Dave Howorth <dhoworth@xxxxxxxxxxxxxxxxx>
- Date: Wed, 01 Jun 2011 10:29:13 +0100
- Message-id: <4DE60669.50505@mrc-lmb.cam.ac.uk>
John Andersen wrote:
The whole point of sudo is to delegate authority to particular users. So
the only person who should know that user's password and be able to
login as them is that person themselves. If you're able to login as that
person you *are* that person, in sudo's security model. Indeed the
default is as ubuntu has it, that there is no root password; it's your
own password that you use to gain rootly power.
That setup increases auditability and accountability. It's always
possible to trace exactly who made some change and to know that it was
them that did it knowingly. At least, that's the theory.
Cheers, Dave
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
On 5/31/2011 3:40 PM, Anders Johansson wrote:
On Wednesday 01 June 2011 00:24:22 Edwin Helbert Aponte Angarita wrote:
I think this is a security issue. An unprivileged user that knows thatThey would first need to log in as the same user the admin was using. sudo
the system is maintained remotely using ssh and, perhaps, sudo, could
keep attempting to use sudo until they gets it.
won't do that for all users. It just remembers that you have already
authenticated once, and won't force you to do it again until some time later.
I think the point Edwin was trying to make was assume you ssh into
a remote machine _that is being used_ by an authorized users, and
you use that person's login and then issue a sudo command.
The regular user sitting at that remote machine can then issue another
sudo without knowing root's login (allegedly).
The whole point of sudo is to delegate authority to particular users. So
the only person who should know that user's password and be able to
login as them is that person themselves. If you're able to login as that
person you *are* that person, in sudo's security model. Indeed the
default is as ubuntu has it, that there is no root password; it's your
own password that you use to gain rootly power.
That setup increases auditability and accountability. It's always
possible to trace exactly who made some change and to know that it was
them that did it knowingly. At least, that's the theory.
Cheers, Dave
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |