Subject: Re: [lists@globalintersec.com: [Global InterSec 2002041701] Sudo Password Prompt Vulnerability.]
To: None <tech-security@netbsd.org>
From: None <ipthomas@mac.com>
List: tech-security
Date: 04/25/2002 19:38:45
On Thursday, April 25, 2002, at 06:06 PM, Greg A. Woods wrote:

> [ On Thursday, April 25, 2002 at 11:26:04 (-0400), Thor Lancelot Simon 
> wrote: ]
>> Subject: Re: [lists@globalintersec.com: [Global InterSec 2002041701] 
>> Sudo Password Prompt Vulnerability.]
>>
>> On Thu, Apr 25, 2002 at 11:05:29AM -0400, Jan Schaumann wrote:
>>> Attached find a patch to include into pkgsrc/security/sudo/patches to
>>> fix this problem.
>>
>> Shame it doesn't fix the fundamental problem with sudo: it is almost
>> impossible to actually set it up so that the access of a sudoer is
>> truly restricted.  I've almost never walked up to a system with sudo
>> installed and spent more than ten minutes looking around before finding
>> a way to use sudo to gain unrestricted root access.  Heck, many places,
>> the most common thing sudo is used for is to run /bin/sh! ;-)
>
> That's true of absolutely every system where I've seen it installed.
>
>> A lot of people don't want sudo; they want su -c and don't know that
>> it exists.  But with sudo, they get to be deceived into thinking that
>> they have somehow increased the security of their systems... not good.
>
> Amen.
>
> And sudo users are too lazy for their own good.....
>
> Sudo is a security bug waiting for an exploit.
>
> --
> 								Greg A. Woods
>

	So I'm going to assume that su -c is more appropriate than sudo.  
By sudo users being lazy, you mean that they have use of all commands 
run as root with no password, right?  For some things, it seems that you 
will have to log in as root or at least pretend, via su or sudo.  It 
seems that rather than trying to predict what commands will need to be 
used, take the time to produce a good login.conf file with well designed 
login-classes that limit a person's abilities while logged in as root to 
a point where they cannot tank the system.
	I'm curious as to why so many publications these days tell users to 
use sudo rather than su.  I know when I started out using UNIX, when I 
went to my first LUG meeting, the one guy laughed when he saw that I 
used su and hadn't installed sudo.  At the time, he knew how to 
recompile a kernel and I didn't so I took his advice and installed 
sudo.  Always good to get other opinions on the matter, now that I've 
used UNIX for a while.

Ian

Of Course It Runs NetBSD
www.netbsd.org
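
Added example, not part of the original thread and not code from sudo or NetBSD: a small Python check that flags sudoers rules of the kind discussed above, where sudo grants /bin/sh or all commands, with or without a password. It assumes a simplified single-line rule syntax (no alias expansion, includes or line continuations); the function name and the sample file are constructed for illustration.

```python
import os
import re

SHELLS = {"sh", "ash", "bash", "csh", "ksh", "tcsh", "zsh"}
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
TAG = re.compile(r"^([A-Z_]+)\s*:\s*")  # e.g. "NOPASSWD: "

# Constructed sample sudoers content (hypothetical users).
SAMPLE = """\
# constructed sample
Defaults env_reset
alice   ALL = (ALL) ALL
bob     ALL = NOPASSWD: /bin/sh
carol   ALL = /sbin/shutdown -r now
%wheel  ALL = (root) NOPASSWD: ALL
"""

def audit_sudoers(text):
    """Return (line_no, user, finding) for rules equivalent to unrestricted root."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip comments, Defaults, alias definitions and anything that is not a rule.
        if not line or line.startswith("#") or line.startswith(SKIP) or "=" not in line:
            continue
        who, rest = line.split("=", 1)
        user = who.split()[0]
        rest = re.sub(r"\([^)]*\)", "", rest)  # drop (runas) lists
        nopasswd = False                        # tags carry over to later commands
        for spec in rest.split(","):
            spec = spec.strip()
            while (m := TAG.match(spec)):
                if m.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = m.group(1) == "NOPASSWD"
                spec = spec[m.end():]
            if not spec or spec.startswith("!"):
                continue                        # negations grant nothing
            cmd = spec.split()[0]
            if cmd == "ALL":
                reason = "ALL"
            elif os.path.basename(cmd) in SHELLS:
                reason = "shell " + cmd
            else:
                continue
            findings.append((no, user, reason + (", NOPASSWD" if nopasswd else "")))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```

A rule such as `ALL, !/bin/sh` is still reported as `ALL`, since excluding one shell path does not restrict the grant.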