
Re: shared root account



On Fri, Jul 06, 2001 at 05:45:52PM -0700, Vineet Kumar wrote:
> You make a good point, even if one of your examples is flawed:
> 
> $ sudo 'cat s >> /etc/sudoers'
> sudo: cat s >> /etc/sudoers: command not found

er yeah that quoting is bogus, i'm pretty sure you can do that command
in sudo if you properly quote things, then again maybe not, if sudo
doesn't use /bin/sh.

in any event i can think of dozens and dozens of examples of seemingly
innocent programs which can be exploited to give full root.

> Okay, so it's not really big or heavy, nor remotely wood. But it does
> give you things like this to peer at later:
> 
> Jul  6 17:24:59 gobo sudo:   vineet : TTY=pts/1 ; PWD=/tmp/ucspi-tcp ;
> USER=root ; COMMAND=/usr/bin/dpkg -i
> /home/vineet/ucspi-tcp_0.88-5_i386.deb
> Jul  6 17:32:10 gobo sudo:   vineet : TTY=pts/2 ; PWD=/etc/init.d ;
> USER=root ; COMMAND=/etc/init.d/qmail restart

i don't see the benefit to this for two reasons:

1) anytime anyone plans to run more than 2 commands they are just
going to run sudo -s or sudo bash and there goes your logging.

2) it's quite easy to dispose of those annoying log entries once you
have root.

both of these combined make sudo's logging all but useless, if
anything it's a false sense of added security.

> Which can be very useful. It's not foolproof by any means, and as you
> demonstrate, can usually be trivially reduced to su, but it's better
> as a *standard* way of doing things on a system on which multiple people
> play root. If you can't trust those people, then you're screwed no
> matter what tools you use.

yup, which is why nobody gets root but me.  if i ever for some reason
decided to go back to sysadmin work a criterion for employment would be
that no manager, sales guy, or other morons would be permitted access
to root for ANY REASON, period, end of story.  

as for sudo for my own purposes i don't see the point, i don't want my
normal account to be a root account nor do i want my user passwd to be
a/the root passwd.  the logging is nothing more than an annoyance
since i know what i run anyway.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
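
Added example, not part of the original message: a Python sketch that parses sudo syslog lines in the format quoted above and flags the entries where a root shell was handed out, which is the point after which sudo records nothing further (point 1 in the reply). The two shell entries in the sample are constructed, and the `SHELLS` list and the function names are assumptions made for illustration.

```python
import os
import re

# Matches the sudo syslog format quoted in the message (one entry per line).
SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo:\s+(?P<user>\S+)\s:\s"
    r"TTY=(?P<tty>\S+)\s;\sPWD=(?P<pwd>.*?)\s;\sUSER=(?P<runas>\S+)\s;\s"
    r"COMMAND=(?P<command>.*)$"
)

# Assumption: basenames that mean "interactive root shell from here on".
# `sudo -s` is assumed to appear as the invoking user's shell in COMMAND.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh", "su"}


def parse(line):
    """Return the fields of one sudo log line as a dict, or None if no match."""
    m = SUDO_LINE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def audit_gaps(lines):
    """Return the parsed entries after which per-command logging stops."""
    gaps = []
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue  # not a sudo command record
        argv = entry["command"].split()
        if argv and os.path.basename(argv[0]) in SHELLS:
            gaps.append(entry)
    return gaps


# First two lines are the entries quoted in the thread, unwrapped.
# Last two are constructed for this example.
SAMPLE = [
    "Jul  6 17:24:59 gobo sudo:   vineet : TTY=pts/1 ; PWD=/tmp/ucspi-tcp ; "
    "USER=root ; COMMAND=/usr/bin/dpkg -i /home/vineet/ucspi-tcp_0.88-5_i386.deb",
    "Jul  6 17:32:10 gobo sudo:   vineet : TTY=pts/2 ; PWD=/etc/init.d ; "
    "USER=root ; COMMAND=/etc/init.d/qmail restart",
    "Jul  6 17:40:02 gobo sudo:   vineet : TTY=pts/2 ; PWD=/home/vineet ; "
    "USER=root ; COMMAND=/bin/bash",
    "Jul  6 18:03:41 gobo sudo:   vineet : TTY=pts/1 ; PWD=/home/vineet ; "
    "USER=root ; COMMAND=/bin/su -",
]

if __name__ == "__main__":
    for e in audit_gaps(SAMPLE):
        print(f"{e['ts']} {e['user']}@{e['host']} on {e['tty']}: {e['command']}")
```

Point 2 in the reply applies to this check as well: it is only meaningful when run against a copy of the log that the machine's own root cannot edit, such as one forwarded to another host.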


