On 04/18/10 11:02, Jonathan wrote:
> On Sun, 18 Apr 2010 08:29:37 +1000
> Lie Ryan <lie.1296@×××××.com> wrote:
>
>> sudoedit is mainly just a shortcut for "sudo $EDITOR" (plus doing a
>> few things).
>
> sudoedit is safer than sudo because sudoedit runs as root but nano
> (the editor) runs as your user.
> sudoedit uses a fixed path which is compiled into the program
|
Yes, that's the "few things" part. sudoedit does solve a couple of
security issues that you'd have if you start the editor manually;
calling it "just a shortcut" is probably undermining it too much.
|
>> Everything above (su,sudo,policykit,polkit) is just sugar for
>> permission bits (owner,group,others+SUID,GUID); attempting to give
>> finer control over the permissions or provide convenience services.
>
> Mess up the configuration and you may as well hand out the root
> password.
|
They're much better than manual management though, which, unless
you're forty-two security wizards in one body, you will get wrong.
|
>> Most security holes in Linux come from a SUID program that lets
>> untrusted programs into the "trusted-space".
>
> 53 SUID or GUID programs on my system!
> Why does cdrecord have SUID set?
|
No idea.
|
>> I found sudo, although very handy for desktop, is a huge security
>> hole. And is inadequate for any secure system. This is simply
>> because if you run a program as sudo, then in the next five minutes
>> you start a malicious program *without* sudo; the malicious program
>> can gain root access by stealing your previous sudo's timestamp
>> (yes, it can steal the timestamp without being explicitly invoked
>> with sudo[1]). Before running a potentially untrusted program, you
>> must explicitly kill your sudo timestamp with `sudo -k` or set sudo
>> to not use a timestamp. Better yet, don't use sudo on secure systems.
>
> Wow... I never thought about that. I run sudo on my system 4 to 6
> times a day if not more. Can you tell me the setting please?
|
Setting for the timeout? See `man sudoers` and look at
timestamp_timeout. Setting for allowing programs to steal the timestamp?
Don't worry, it's already the default.
|
> I had a quick look at man pages and Gentoo docs but I did not see it.
> Gentoo sudo guide [1] could use an update about this. It was right
> under my nose but I missed it...
>
> If someone leaves their PC for 5 mins you could run
> "nano ~/.bashrc" and add "export PATH=/home/user/.bin:$PATH"
> then make a file called "sudo" write something to nick the password
> and by it on to sudo and then clean up after itself.
|
I believe the developers of `sudo` considered security against malicious
people with physical access to the computer to be out of their scope.
Problem is, that means malicious people only need to trick a sudoer
into running a piece of complex code and say "you're not running my
script with sudo, so the script can't do no harm to system".
|
When I first used sudo, I thought that by invoking sudo for trusted
programs only and omitting sudo for everything else, the system would
be secure. That's a false sense of security. As long as you're a
root-sudoer, all programs you run can gain root access any time they
need to. They just need to daemonize and poll every few minutes for an
updated timestamp.
|
> Just for fun I did that to one of my terminal tabs, with the script
> running "echo HAHA!".
|
I once wrote a script that has this in the first lines:
|
    # re-run this script through sudo when not already root
    if [ "$UID" != 0 ]; then
        sudo "$0" "$@"
        exit
    fi
    # do business that requires root
|
The script runs without asking for a password if I still have an active
timestamp from running another program. How convenient! (and it makes me
shiver)
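
The timestamp_timeout setting discussed above can be checked mechanically. The script below is an added example, not part of the original message: it reads sudoers-style text and reports whether sudo credentials are cached. The function names and sample policies are constructed for illustration, and it assumes only global "Defaults" lines matter.

```shell
#!/bin/sh
# Added example, not from the thread. Reads sudoers-style text on stdin.
# Assumption: only global "Defaults" lines count; Defaults:user, Defaults@host
# and included files are ignored.

# Print the last global timestamp_timeout value, or "unset" if there is none.
sudo_timeout_setting() {
    awk '
        /^[ \t]*#/ { next }                       # comments and #include lines
        /^[ \t]*Defaults[ \t]/ {
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, ",")            # options are comma-separated
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", opts[i])
                if (opts[i] ~ /^timestamp_timeout=/) {
                    sub(/^timestamp_timeout=/, "", opts[i])
                    val = opts[i]                 # a later line overrides an earlier one
                }
            }
        }
        END { print (val == "" ? "unset" : val) }
    '
}

# Per sudoers(5): 0 always prompts, a negative value never expires,
# anything else is the number of minutes the timestamp is reused.
sudo_timeout_verdict() {
    setting=$(sudo_timeout_setting)
    case "$setting" in
        unset) echo "cached: built-in default timeout applies" ;;
        0|0.0) echo "ok: password required on every sudo" ;;
        -*)    echo "cached: timestamp never expires" ;;
        *)     echo "cached: timestamp reused for $setting minutes" ;;
    esac
}

# Constructed sample policies (not taken from any real system).
SAMPLE_DEFAULT='root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL'
SAMPLE_HARDENED='# local policy
Defaults env_reset, timestamp_timeout=0
%wheel ALL=(ALL) ALL'

printf '%s\n' "$SAMPLE_DEFAULT"  | sudo_timeout_verdict
printf '%s\n' "$SAMPLE_HARDENED" | sudo_timeout_verdict
```

On a real system the input would come from the sudoers file itself, read as root; the policy should still be edited only through visudo.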