[HanoiLUG] Ubuntu-sudo usage..

Steve steve at hivemind.net
Sat Jan 6 00:18:58 ICT 2007


David, an excellent post!!

> This is correct.  But you are not understanding (well, I guess,
> understanding but not agreeing with) my point that a cracker on your
> machine as *you* is already *much* too bad.  I see getting rooted is
> about 1% more damage than having someone p0wn my box as *me*.

I take your point, and I confess that I probably do have the mindset you
refer to.

However, in the original post (which prompted my attack on your
security), you said you did the following things:

- always set a root password
- allow passwordless sudo
- enable root login from gdm
- enable root login from ssh (albeit, by key only)

Now, I already accept that you need to tighten your personal security
up, but what possible gains do you get by loosening the above?

Your faucet analogy (do people still use that word except when talking
about actual plumbing work?) shows that it's a bit silly to open all the
other faucets wide after closing the top one really tight - if they
already had some safety aspects, don't remove them.

One by one:

- Setting a root password is instantly dangerous because it enables an
account that everybody knows about.  It's like putting a big sign
telling intruders which lock to try to pick, instead of hiding the locks
so that they don't even know where to try to focus their attempts.

- Allowing passwordless sudo is instantly dangerous because it allows
people to perform any action on the system directly, the moment they can
get you to run one command.  Yes, I know that they could use that one
command to install backdoors and stuff anyway, but no backdoor is
foolproof, and these backdoors may not be successful.  Allowing
passwordless sudo means they have 100% chance of achieving their goals
once they've gotten you to run one single command.

- enabling root login from gdm...   Well, frankly, I just don't know why
you want to do this at all.  A windowing system is a huge unwieldy thing
that could have backdoors all over that we don't know about.  Why would
you run the whole thing as root?  What do you gain?  You lose the
certainty that if somebody does manage to exploit some X application
somewhere they won't be able to do anything but local damage.

- enabling root login from ssh - yet another way in, and for what gain?

I am really not looking at trying to sound difficult. It has been over
2 years since I have had the opportunity to dialogue about security.
So I am sincerely grateful for the time you have taken in responding.

Steve
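
The four settings listed in the message, as an added example that is not part of the original post: a Python check that reads the text of /etc/shadow, sudoers, sshd_config and a GDM config and reports which of the four are enabled. The function names and sample file contents are constructed for illustration, and the `AllowRoot` key under `[security]` assumes a GDM 2.x style config.

```python
import configparser

def root_account_unlocked(shadow_text):
    """True when root's /etc/shadow password field is not locked with '!' or '*'."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] == "root" and len(fields) > 1:
            return not fields[1].startswith(("!", "*"))
    return False

def passwordless_sudo(sudoers_text):
    """Non-comment sudoers lines that mention the NOPASSWD tag."""
    return [l.strip() for l in sudoers_text.splitlines()
            if not l.lstrip().startswith("#") and "NOPASSWD" in l]

def ssh_root_login(sshd_text):
    """PermitRootLogin value; sshd keeps the first value it reads for a keyword."""
    for line in sshd_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "permitrootlogin":
            return parts[1].lower()
    return None  # unset: the default of the installed OpenSSH version applies

def gdm_allows_root(gdm_text):
    """AllowRoot from [security] (assumed GDM 2.x layout), or None if unset."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(gdm_text)
    value = cp.get("security", "AllowRoot", fallback=None)
    return None if value is None else value.strip().lower() == "true"

def audit(shadow, sudoers, sshd, gdm):
    """Names of the settings from the post that are enabled in the given files."""
    ssh = ssh_root_login(sshd)
    checks = [
        ("root password set", root_account_unlocked(shadow)),
        ("passwordless sudo", bool(passwordless_sudo(sudoers))),
        ("root login from gdm", bool(gdm_allows_root(gdm))),
        (f"root login from ssh ({ssh})", ssh not in (None, "no")),
    ]
    return [name for name, enabled in checks if enabled]

# Constructed sample file contents (not taken from any real machine).
SHADOW = "root:$6$constructed$constructedhash:13519:0:99999:7:::\n"
SUDOERS = "Defaults env_reset\nroot ALL=(ALL) ALL\n%admin ALL=(ALL) NOPASSWD: ALL\n"
SSHD = "Port 22\nPermitRootLogin without-password\nPasswordAuthentication no\n"
GDM = "[daemon]\n\n[security]\nAllowRoot=true\n"

if __name__ == "__main__":
    print(audit(SHADOW, SUDOERS, SSHD, GDM))
```

A `None` from `ssh_root_login` or `gdm_allows_root` means the key is absent and the packaged default decides, so those cases need a look at the installed version rather than the file.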

