Re: [suse-amd64] OFF-TOPIC - *very* bad
Dear listmembers, I discovered this accidentally and never ever had thought that something like this could happen. There are cases where a "sudo" option IMHO is preferable over an extra root login on some console window, this is why I use it on a common base. And, when installing sudo, I cannot remember having been warned about something like this. Ok, ok, it is a RTFM issue. Nevertheless I cannot see a good reason to use 5 min password asking timeout as the default - I think that 0 min would be appropriate - whoever needs it shorter, can set it accordingly - but on his / her own risk. I think it would be a good policy for SuSE to change this as it is a risk that is adjustable and leaks should - IMHO - not be open as default. Thanks for all your feedback, take care
Dieter Jurzitza
-- ________________________________________________
HARMAN BECKER AUTOMOTIVE SYSTEMS
Dr.-Ing. Dieter Jurzitza Manager Hardware Systems System Development
Industriegebiet Ittersbach Becker-Göring Str. 16 D-76307 Karlsbad / Germany
Phone: +49 (0)7248 71-1577 Fax: +49 (0)7248 71-1216 eMail: DJurzitza@harmanbecker.com Internet: http://www.becker.de
-----Original Message----- From: Ken Siersma [mailto:siersmak@ekkinc.com] Sent: Tuesday, 15 November 2005 10:09 To: suse-amd64@suse.com Subject: Re: [suse-amd64] OFF-TOPIC - *very* bad
Also, this feature is not Suse specific. The sudo memory is (I think) standard for sudo on most distributions (at least RedHat and Fedora, which I can verify). Nevertheless, it is indeed a security issue.
Cheers,
Tim
--- Siegbert Baude wrote:
Jerry Westrick wrote:
On Tuesday 15 November 2005 11:15, Jurzitza, Dieter wrote:
Dear listmembers, a big please: could you try
    sudo -s
    <ROOTPASSWD>
    ROOTSHELL
    Ctrl-d (back to original shell)
    sudo -s
    ROOTSHELL    !!!! No question for password. This should never happen. !!!!
    Ctrl-d (back to original shell)
I perceive this as a serious bug. I see this here on SuSE 9.3 (both amd64 and i586) and have no other platform to test - any feedback is highly appreciated! The system asks again for the password after a certain amount of time (10min to 30min). I haven't debugged this with too much depth. Thanks in advance, take care
Dieter Jurzitza
Tim Janssen wrote:
Ditto SUSE 10.0 Pro (Commercial)...
The same on SUSE 9.2, but this is not a bug, it's a feature. "Man sudo" reveals this in the first paragraph, in the paragraph about sudo security you also find interesting pieces of information. To change this "man sudoers" says:
timestamp_timeout Number of minutes that can elapse before sudo will ask for a passwd again. The default is 5. Set this to 0 to always prompt for a password. If set to a value less than 0 the user's timestamp will never expire. This can be used to allow users to create or delete their own timestamps via sudo -v and sudo -k respectively.
Ciao Siegbert
-- Check the List-Unsubscribe header to unsubscribe For additional commands, email: suse-amd64-help@suse.com
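An added audit helper (example code, not from the thread or from the sudo project) that reads a sudoers file and reports the effective timestamp_timeout using the rule quoted above from man sudoers: unset means 5, 0 prompts every time, a negative value never expires. The sudoers files it inspects are constructed inline for the demonstration.

```shell
#!/bin/sh
# Example (not from the list thread): report the effective sudo
# timestamp_timeout from a sudoers file. Assumes the "Defaults
# timestamp_timeout=N" syntax; when it appears several times the last
# one wins, and when absent the compiled-in default of 5 applies.

# Print the effective timestamp_timeout for the sudoers file given as $1.
effective_timestamp_timeout() {
    # Strip comments, keep Defaults lines that set timestamp_timeout,
    # extract the number (spaces around "=" allowed), take the last one.
    v=$(sed -e 's/#.*//' "$1" \
        | grep -E '^[[:space:]]*Defaults.*timestamp_timeout' \
        | sed -nE 's/.*timestamp_timeout[[:space:]]*=[[:space:]]*(-?[0-9]+).*/\1/p' \
        | tail -n 1)
    if [ -z "$v" ]; then
        echo 5      # nothing set: sudo's default from the man page quote
    else
        echo "$v"
    fi
}

# Classify the timeout: "prompt-always" (0), "never-expires" (<0),
# or "cached N min" (credential cache stays live for N minutes).
classify_timeout() {
    t=$(effective_timestamp_timeout "$1")
    if [ "$t" -eq 0 ]; then echo "prompt-always"
    elif [ "$t" -lt 0 ]; then echo "never-expires"
    else echo "cached $t min"
    fi
}

# Constructed sample sudoers files (not real system files).
tmp=$(mktemp -d)
printf '# stock sudoers, nothing set\nroot ALL=(ALL) ALL\n' > "$tmp/default"
printf 'Defaults timestamp_timeout=15\nDefaults  timestamp_timeout = 0  # hardened\n' > "$tmp/hardened"
printf 'Defaults timestamp_timeout=-1 # never expire\n' > "$tmp/forever"

for f in default hardened forever; do
    echo "$f: $(classify_timeout "$tmp/$f")"
done
```

Point it at the real /etc/sudoers (and any files under /etc/sudoers.d) to see whether the 5-minute cache discussed in the thread is still in effect on a host.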
AFAIK, it has been standard practice for quite some time to not install sudo if you are concerned about security. I don't have it on my home system which has a direct connection to the internet, with good reason, or my firewall at work, which I installed a good 3 years ago.
******************************************* This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the contents in this e-mail is strictly forbidden. *******************************************
Jurzitza, Dieter wrote:
Nevertheless I cannot see a good reason to use 5 min password asking timeout as the default - I think that 0 min would be appropriate - whoever needs it shorter, can set it accordingly - but on his / her own risk. I think it would be a good policy for SuSE to change this as it is a risk that is adjustable and leaks should - IMHO - not be open as default.
Read the paragraph in "man sudo" about security, if you then come up with a certain exploit scenario, you will find open ears, I'm sure. Ciao Siegbert
On Tue, 2005-11-15 at 13:31 +0100, Jurzitza, Dieter wrote:
Dear listmembers, I discovered this accidentally and never ever had thought that something like this could happen. There are cases where a "sudo" option IMHO is preferable over an extra root login on some console window, this is why I use it on a common base. And, when installing sudo, I cannot remember having been warned about something like this. Ok, ok, it is a RTFM issue. Nevertheless I cannot see a good reason to use 5 min password asking timeout as the default - I think that 0 min would be appropriate - whoever needs it shorter, can set it accordingly - but on his / her own risk. I think it would be a good policy for SuSE to change this as it is a risk that is adjustable and leaks should - IMHO - not be open as default. Thanks for all your feedback, take care
Well I don't think so? When done with a shell close IT!!!
Dieter Jurzitza
On Tue, Nov 15, 2005 at 01:31:26PM +0100, Jurzitza, Dieter wrote:
Nevertheless I cannot see a good reason to use 5 min password asking timeout as the default - I think that 0 min would be appropriate - whoever needs it shorter, can set it accordingly - but on his / her own risk.
When you have to run a bunch of different commands using sudo while tracking down a problem for users or something, that cache comes in mighty handy. It would waste far too much time to have to type a password every single time when you're in the middle of trying to fix something. Of course, to each his own.. but sudo has been around a long time and has had a lot of people looking at its code for exploits. If you're worried about people jumping on your box if you walk away while the cache is still live... lock your console, exit the shell, whatever.
-- Mike Marion-Unix SysAdmin/Staff Engineer-http://www.qualcomm.com
[It's Halloween Kitty gives out raisins] Kids: "Ewwwww..." Kitty: "No, raisins are good for you. Raisins are nature's candy." [As soon as she closes the sliding glass door eggs hit it] Red: "..and eggs are nature's hand grenade. Kitty, don't give them raisins.. it just pisses them off."