From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice
Date: Tue, 10 Aug 2010 20:50:49 +0200
References: <20100810011805.GA15816@linux1>
Message-Id: <201008102050.49976.alan.mckinnon@gmail.com>

On Tuesday 10 August 2010 15:03:19 Kevin O'Gorman wrote:
> On Mon, Aug 9, 2010 at 6:18 PM, William Hubbs wrote:
> > On Mon, Aug 09, 2010 at 05:30:40PM -0700, Kevin O'Gorman wrote:
> > > On Mon, Aug 9, 2010 at 1:20 PM, Bill Longman wrote:
> > > > I actually prefer "sudo su -" -- as long as I'm giving it away! :o)
> >
> > Afaik, there is no reason for "sudo su -". It should be either
> >
> > su -
> >
> > or, if you are using sudo,
> >
> > sudo -i
> >
> > The disadvantage of "su -" is that it requires the user to know the root
> > password. But, "sudo -i" does the same thing without requiring the user
> > to know the root password.
>
> You either didn't think or didn't actually try it. "sudo su -" needs a
> password, but it's the user password. Running su as root never needs a
> password. Accordingly, this works on a stock Ubuntu with no root password.
>
> "su -" requires the root password unless you're already root, and the root
> password may or may not exist.
>
> I didn't know about "sudo -i" (thanks), but when I tried "sudo -i" it
> immediately asked for a password, for which the user password was
> sufficient. So it's entirely equivalent to but slightly shorter than my
> version. I'll stick with mine because it's made of parts I already know
> and won't forget.
>
> I think that if sudoers don't need to enter passwords, they're still
> equivalent, but I have not tried this.
Sounds to me like he's whinging about sudo and not much else. I find this to be common, and far too many people advancing the idea can't define to me basic security concepts. I have also yet to meet someone with a beef against sudo that can show a fundamental weakness with it, and I'm not talking about an isolated case of buffer overflow either - that can happen with any software. I mean a weakness in the methodology of sudo itself.

Many people have a stuck idea in their heads that the root password is a magic security bullet. In fact, it's no such thing. Like any other password it is simply something you need to prove you know in order to authenticate yourself.

The major threat by analysis on a workstation is stepping away for a leak and forgetting to lock the screen. sudo is adequate protection against this as long as more than 5 minutes have elapsed since the last sudo was run - the prankster may have access to the machine but still does not know any password, including yours.

A major threat to finding passwords is shoulder surfing. If one frequently enters the root password, it is equally easy for a shoulder surfer to find it as to find the user's password.

Note that if you leave your workstation unlocked with a root session open, there is no such timeout as what one has with sudo.

Additionally, on a shared machine (i.e. server at work), the root password has to be shared, which is a huge hole in itself due to the difficulty of communicating the new password when it is changed. It is trivially easy to communicate a single password for a single user and guarantee it stays secure (major advances in cryptanalysis excepted).

-- 
alan dot mckinnon at gmail dot com
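The two properties the thread turns on, the credential-cache window (sudo's timestamp_timeout, 5 minutes by default in the sudo of that era) and rules that skip the password entirely (NOPASSWD, or a global "Defaults !authenticate"), can be audited from a sudoers file. The script below is an added example, not code from the thread or from the sudo project; the two sudoers files it reads are constructed for the example.

```shell
#!/bin/sh
# Added example: report sudoers settings that widen the window a
# passer-by gets at an unlocked workstation, or remove the prompt.
# Prints one finding per line; "sudoers_finding_count" returns the total.
sudoers_audit() {
    awk '
        /^[ \t]*#/ { next }                       # comment lines (also skips #include)
        { sub(/[ \t]+#.*$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^$/ { next }
        # Defaults ... timestamp_timeout=N : N minutes, 0 = always ask, -1 = never expire
        /^Defaults/ && match($0, /timestamp_timeout=-?[0-9]+/) {
            n = substr($0, RSTART + 18, RLENGTH - 18) + 0   # skip "timestamp_timeout="
            if (n < 0)      print "timestamp_timeout=" n ": cached credentials never expire"
            else if (n > 5) print "timestamp_timeout=" n ": window longer than the 5-minute default"
            seen = 1
        }
        /^Defaults/ && /!authenticate/ { print "Defaults !authenticate: no password for any rule" }
        !/^Defaults/ && /NOPASSWD/     { print "passwordless rule: " $0 }
        END { if (!seen) print "timestamp_timeout not set: default 5-minute window applies" }
    ' "$1"
}

sudoers_finding_count() {
    sudoers_audit "$1" | awk 'END { print NR }'   # awk, not grep -c: prints 0 cleanly
}

# Constructed sample: long cache window plus a passwordless service rule.
WEAK=$(mktemp)
cat > "$WEAK" <<'EOF'
# constructed sample, not a real host's file
Defaults env_reset
Defaults timestamp_timeout=30
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
deploy  ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart app
EOF

# Constructed sample: prompt on every sudo, no passwordless rules.
HARDENED=$(mktemp)
cat > "$HARDENED" <<'EOF'
Defaults env_reset
Defaults timestamp_timeout=0
%wheel  ALL=(ALL) ALL
EOF

sudoers_audit "$WEAK"
```

Run it against a copy of the real file (for example one written out with `visudo -c` still passing) rather than editing /etc/sudoers in place.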