cross-platform virus

[Sasha Tsykin]

Tristan Wibberley wrote:
> Sasha Tsykin wrote:
>> Alan McKinnon wrote:
>>> You raise an interesting point, and technically you are correct.
>>>
>>> Security is always about finding that fine balance between safety and
>>> disruptiveness. Currently there are very few Trojan writers out there
>>> targeting *nix so for the time being we are relatively safe.
>>>
>>> I predict that it's only a matter of time before the target of Trojans
>>> shifts away from Windows. After the first wave of them, distros will
>>> respond by changing their sudo default to no tokens
>>>
>> Which would infuriate everybody who sues linux because it would be a
>> pain in the ass, although, admittedly you could use the sudo -s command.
> 
> Do not use sudo -s. use sudo -i. sudo -s should be removed or at the
> least documented that it should never be used.
> 
> sudo -s runs your own .bashrc as root - yet your .bashrc is writable by
> your own user account - which could be compromised by a firefox flaw, or
> a flaw in your email program, etc...
> 
> That's the reason for having a separate root and user account - the user
> can use potentially flawed applications without worrying too much about
> compromises. Using sudo -s gives a reliable path to root for an attacker.
> 
> sudo is supposed to separately authenticate the user actually issuing
> the command, but it doesn't separately authenticate the user that has
> made any changes to .bashrc
> 
Which is all very well and good, but if you are running a number of 
commands which all require root access, then it is a major pain to 
preface each command with sudo. This just acts as another argument to 
scrap sudo for su as the default. I don't particularly like having to 
type sudo all the time, Every time I forget it is an annoyance when ti 
tells me I don't have the privileges to perform the task I wanted to.

Sasha