Mailinglist Archive: opensuse (1165 mails)

Re: [opensuse] Re: Should openSUSE review it's Security Policies?
  • From: Roger Oberholtzer <roger@xxxxxx>
  • Date: Fri, 02 Mar 2012 08:21:19 +0100
  • Message-id: <1330672879.24308.19.camel@acme.pacific>
On Thu, 2012-03-01 at 19:00 -0500, Patrick Shanahan wrote:
> * Roger Oberholtzer <roger@xxxxxx> [03-01-12 02:40]:
> > On Thu, 2012-03-01 at 00:17 +0100, jdd wrote:
> > >
> > > read man sudoer
> >
> > See my earlier response to Patrick on this. sudo is all-or-nothing for
> > the program. You cannot restrict a single program to a subset of root
> > permissions. You get them all.
>
> This is *not* so. Have you looked at /etc/sudoers?

Indeed I have. I even use it. We are defining 'command' differently.
When discussing root permissions, I define commands at the OS level.
read(2), write(2) and the like. In any running application, these are
the things that will fail when permissions are inadequate. Unless the
binary is read/execute only for root (oddly most are not), anyone can
run a root application - up to where one of these system calls fails
because of permissions.

sudo lets me run a complete binary application as a different user. If
that user is root, then every system command in the binary gets root
permissions. Not just a select set. As a result, you have to trust that
the entire binary behaves itself. I think security guys are right in
thinking this a bit of a risk.

I do not need global root access for all available system calls in an
application to solve my issues. That is what sudo provides. Something
along the line of 'capabilities' is more in line. I just need a select
few things. I suspect that this is the case for many of the things being
discussed.

> <quote>
>
> ##
> ## User alias specification
> ##
> ## Groups of users. These may consist of user names, uids, Unix groups,
> ## or netgroups.
> # User_Alias ADMINS = millert, dowdy, mikef
> ##
> ## Cmnd alias specification
> ##
> ## Groups of commands. Often used to group related commands together.
> # Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
> # /usr/bin/pkill, /usr/bin/top
>
> ##
> ## Uncomment to enable logging of a command's output, except for
> ## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
> # Defaults log_output
> # Defaults!/usr/bin/sudoreplay !log_output
> # Defaults!/sbin/reboot !log_output
>
> ## In the default (unconfigured) configuration, sudo asks for the root password.
> ## This allows use of an ordinary user account for administration of a freshly
> ## installed system. When configuring sudo, delete the two following lines:
> Defaults targetpw   # ask for the password of the target user i.e. root
> ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
> </quote>
>
> from the man page
> DESCRIPTION
>
> sudo allows a permitted user to execute a command as the superuser
> or another user, as specified by the security policy. The real and
> effective uid and gid are set to match those of the target user, as
> specified in the password database, and the group vector is
> initialized based on the group database (unless the -P option was
> specified).
>
>
> and users can be added to groups which have permissions to do *specific*
> things, i.e. wheel, wwwrun
>
> --
> (paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711
> http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
> http://en.opensuse.org openSUSE Community Member
> Registered Linux User #207535 @ http://linuxcounter.net

Yours sincerely,

Roger Oberholtzer

OPQ Systems / Ramböll RST

Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
roger.oberholtzer@xxxxxxxxxx
________________________________________

Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
www.rambollrst.se


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
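The distinction Roger draws above, between sudo handing a whole binary every root privilege and a capability-style grant of only a few, can be checked against what the kernel itself reports. The following is an added example, not code from this thread: it decodes the CapEff mask from /proc/self/status (capability bit order as in linux/capability.h); run under sudo, or under a rule like the quoted ALL ALL=(ALL) ALL, every bit is set, whereas a binary given a single file capability with setcap (for instance cap_net_raw+ep) shows just that one bit.

```c
/* Added example (not from the posting): decode the CapEff mask that
 * /proc/PID/status reports. Run via sudo the mask is all ones; a binary
 * given one file capability with setcap shows only that single bit. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability names in bit order, per <linux/capability.h>. */
static const char *const cap_names[] = {
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore"
};
#define NCAPS (sizeof cap_names / sizeof cap_names[0])

/* Write the names of the set bits in a CapEff hex mask into buf (space
 * separated) and return how many bits are set. */
int decode_capeff(const char *hex, char *buf, size_t buflen)
{
    unsigned long long mask = strtoull(hex, NULL, 16);
    int count = 0;
    buf[0] = '\0';
    for (size_t bit = 0; bit < NCAPS; bit++) {
        if (!(mask & (1ULL << bit))) continue;
        if (count++) strncat(buf, " ", buflen - strlen(buf) - 1);
        strncat(buf, cap_names[bit], buflen - strlen(buf) - 1);
    }
    return count;
}

/* Stand-alone: report the running process's own effective set (Linux only). */
int main(void)
{
    char line[128], hex[64] = "", names[1024];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %63s", hex) == 1) break;
    fclose(f);
    int n = decode_capeff(hex, names, sizeof names);
    printf("CapEff=%s -> %d of %zu capabilities: %s\n", hex, n, NCAPS, names);
    return 0;
}
```

Compare the output of a plain run, a run under sudo, and a run of a copy of the binary after setcap cap_net_raw+ep: only the last one reports a single capability.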
