| 1 |
On Tuesday 10 August 2010 15:03:19 Kevin O'Gorman wrote: |
| 2 |
> On Mon, Aug 9, 2010 at 6:18 PM, William Hubbs <williamh@g.o> wrote: |
| 3 |
> > On Mon, Aug 09, 2010 at 05:30:40PM -0700, Kevin O'Gorman wrote: |
| 4 |
> > > On Mon, Aug 9, 2010 at 1:20 PM, Bill Longman <bill.longman@×××××.com> |
| 5 |
> > |
| 6 |
> > wrote: |
| 7 |
> > > > I actually prefer "sudo su -" -- as long as I'm giving it away! :o) |
| 8 |
> > |
| 9 |
> > Afaik, there is no reason for "sudo su -" It should be either |
| 10 |
> > |
| 11 |
> > su - |
| 12 |
> > |
| 13 |
> > or, if you are using sudo, |
| 14 |
> > |
| 15 |
> > sudo -i |
| 16 |
> > |
| 17 |
> > The disadvantage of "su -" is that it requires the user to know the root |
| 18 |
> > password. But, "sudo -i" does the same thing without requiring the user |
| 19 |
> > to know the root password. |
| 20 |
> > |
| 21 |
> > You either didn't think or didn't actually try it. "sudo su -" needs a |
| 22 |
> |
| 23 |
> password, but it's the |
| 24 |
> user password. Running su as root never needs a password. Accordingly, |
| 25 |
> this works on |
| 26 |
> a stock Ubuntu with no root password. |
| 27 |
> |
| 28 |
> "su -" requires the root password unless you're already root, and the root |
| 29 |
> password may or may not exist. |
| 30 |
> |
| 31 |
> I didn't know about "sudo -i" (thanks), but when I tried "sudo -i" it |
| 32 |
> immediately asked for a password, for which |
| 33 |
> the user password was sufficient. So it's entirely equivalent to but |
| 34 |
> slightly shorter than my version. I'll stick with |
| 35 |
> mine because it's made of parts I already know and won't forget. |
| 36 |
> |
| 37 |
> I think that if sudoers don't need to enter passwords, they're still |
| 38 |
> equivalent, but I have not tried this. |
| 39 |
|
| 40 |
Sounds to me like he's whinging about sudo and not much else. I find this to |
| 41 |
be common and far too many people advancing the idea can't define to me basic |
| 42 |
security concepts. I have also yet to meet someone with a beef against sudo |
| 43 |
that can show a fundamental weakness with it, and I'm not talking about an |
| 44 |
isolated case of buffer overflow either - that can happen with any software. I |
| 45 |
mean a weakness in the methodology of sudo itself. |
| 46 |
|
| 47 |
Many people have a stuck idea in their heads that the root password is a magic |
| 48 |
security bullet. In fact, it's no such thing. Like any other password it is |
| 49 |
simply something you need to prove you know in order to to authenticate |
| 50 |
yourself. The major threat by analysis on a workstation is stepping away for a |
| 51 |
leak and forgetting to lock the screen. sudo is adequate protection against |
| 52 |
this as long as more than 5 minutes have elapsed since the last sudo was run - |
| 53 |
the prankster may have access to the machine but still does not know any |
| 54 |
password, including yours. A major threat to finding passwords is shoulder |
| 55 |
surfing. If one frequently enters the root password, it is equally easy for a |
| 56 |
shoulder surfer to find it as to find the user's password. Note that if you |
| 57 |
leave your workstation unlocked with a root session open, there is no such |
| 58 |
timeout as what one has with sudo. |
| 59 |
|
| 60 |
Additionally, on a shared machine (i.e. server at work), the root password has |
| 61 |
to be shared which is a huge hole in itself due to the difficulty of |
| 62 |
communicating the new password when it is changed. It is trivially easy to |
| 63 |
communicate a single password for a single user and guarantee it stays secure |
| 64 |
(major advances in cryptanalysis excepted). |
| 65 |
|
| 66 |
|
| 67 |
-- |
| 68 |
alan dot mckinnon at gmail dot com |
Archives