sudo without password
Scott Kitterman
ubuntu at kitterman.com
Wed Jun 7 11:54:52 UTC 2006
On Wednesday 07 June 2006 02:28, Michael T. Richter wrote:
> On Wed, 2006-07-06 at 02:04 -0400, Scott Kitterman wrote:
> > > > > Note that doing this is a very bad idea from a security
> > > > > standpoint....
> > > >
> > > > And none of this makes the slightest difference to the well-being of
> > > > the single most important stuff on your computer: Your own files.
> > > >
> > > >
> > > >
> > > > So.............. a 'very bad idea from a security standpoint'...
> > > > hardly.
> > >
> > > This is a point that seems to be missed in the UNIX community a lot:
> > > the vast majority of computer users no longer run on time-shared,
> > > multi-user systems. "Security" is "me and my files" not "my system
> > > because if it goes down hundreds of others are inconvenienced".
> > >
> > >
> > >
> > > It's a different world. UNIX will catch up sometime.
> >
> > If I screw up and make my data available to someone, that hurts me.
>
> And that is the most common security exploit even under Windows. You
> lose your data. We just hear about the other ones more because a)
> they're the scary ones and sensationalism always wins out over numbers
> and b) they're the ones that we're more likely to see in the wild when
> they hit (by their very nature).
>
I don't know of that's true or not. I can tell you that my servers routinely
get probed via compromised windows boxes. My first Ubuntu 6.06 mail server
was on line for less that 4 hours before someone tried to relay spam through
it.
I won't speculate on what's more common. Since most Windows computers are
either Windows variants that don't restrict user capabilities (e.g. Win 9X)
or are run with the user account having administrator privileges, if one can
remotely access the computer, they can compromise it. I think a Windows
exploit that resulted in JUST the loss of user data would be rare.
> > If I screw up and compromise my machine and give it over to some
> > spammer/phisher/[insert favorite net crime here], then I've hurt the
> > entire internet.
>
> How nicely full of hubris. "My little laptop will bring down the
> Internet."
>
> Tragically, however, the worst attacks ever only brought down a part of
> the Internet for small periods of time (relatively speaking).
>
Note I said hurt, not bring down. Those compromised boxes affect me every
day. The openness of the internet is/was it's beauty and it's danger.
Many of the problems of the internet today would be significantly less if the
operating system used by most internet users had a more robust security
model.
> > It's a different world. UNIX was designed for it.
>
> UNIX was designed long before there was an Internet. And its security
> model shows it. (Sudo is an afterthought, not the primary model.) A
> modern security model would be capabilities-based -- you know, two
> generations of security architecture past what UNIX was designed with.
>
Sure it was. I'm not saying UNIX security couldn't be better. It certainly
could. If one is interested in more robust security there are options. As a
rule, the added complexity associated with better security (such as what you
can get from SE Linux) are not worth the added administrative burden
associated with it.
There are two security models in widespread deployment on the internet today.
They were both designed before there was an internet. One works reasonably
well. The other doesn't.
The sudo approach has it's place (I think it's a good idea for the desktop),
but for an experienced administrator trying to manage servers, I think it's
more trouble than it's worth.
Scott K
More information about the ubuntu-users
mailing list