[ale] SSH attempts

Michael B. Trausch mike at trausch.us
Fri Sep 16 14:43:14 EDT 2011


On Fri, 2011-09-16 at 18:21 +0000, Lightner, Jeff wrote:
> And of course you have to be careful with sudo.   It amazes me
> when people can’t see that granting access to something like “sudo vi”
> is a bad idea.   Any command that has a shell access sequence (e.g.
> “:/bin/bash” in vi) gives such users complete root access because the
> shell is started by the root user since the parent was.

Yes, as I also pointed out.

There _is_ a way to secure that situation, though it is not used by
default in any distribution that I am aware of.  The kernel does support
the notion of being able to have a privileged process that is not
allowed to spawn children which are themselves privileged.  However, it
does take a bit of work to set up (and in order for sudo to use that
capability it would need to be patched such that when it forks and execs
a child process as root, it prevents the process from spawning other
processes that are also running as root).  That could interfere with
processes that legitimately need to spawn privileged children, of
course, so it would have to be an option that could be toggled based on
the need of the process to be invoked...

But as I said before, “proper use of sudo significantly enhances system
security”.  Improper use is, at best, only as (in)secure as plain su.

	--- Mike

-- 
A man who reasons deliberately, manages it better after studying Logic
than he could before, if he is sincere about it and has common sense.
                                  --- Carveth Read, “Logic”
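
An added example, not part of the original post or of sudo itself: a small audit that flags sudoers rules of the "sudo vi" kind discussed above, where an editor runs as root without the sudoers NOEXEC tag and is not invoked through sudoedit. The editor list, the function name `audit_sudoers` and the sample rules are constructed for illustration.

```python
import os
import re

# Assumption: short, non-exhaustive list of editors with a shell escape
# (the post names vi); extend it for your environment.
ESCAPE_CAPABLE = {"vi", "vim", "view", "nano", "emacs"}

# Constructed sudoers rules, not taken from any real system.
SAMPLE_SUDOERS = """\
alice  ALL = (root) /usr/bin/vi /etc/hosts
bob    ALL = (root) NOEXEC: /usr/bin/vim /etc/motd
carol  ALL = (root) sudoedit /etc/hosts
dave   ALL = (root) NOPASSWD: /bin/systemctl restart nginx, /usr/bin/vi
%ops   ALL = (root) NOEXEC: /usr/bin/vi, EXEC: /usr/bin/emacs
"""

RUNAS_RE = re.compile(r"^\s*\([^)]*\)\s*")      # leading "(root)" run-as spec
TAGS_RE = re.compile(r"^(?:[A-Z_]+:\s*)+")      # leading "NOPASSWD: NOEXEC:" tags
SKIP_RE = re.compile(r"^(#|Defaults|\w+_Alias\b)")

def audit_sudoers(text):
    """Return (who, command) for editor rules that still allow exec.

    Limitations: aliases are not expanded and escaped commas are not handled.
    """
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or SKIP_RE.match(line) or "=" not in line:
            continue
        who = line.split()[0]
        noexec = False  # tags carry over to later commands in the same list
        for spec in line.split("=", 1)[1].split(","):
            spec = RUNAS_RE.sub("", spec).strip()
            tags = TAGS_RE.match(spec)
            if tags:
                for tag in re.findall(r"[A-Z_]+", tags.group(0)):
                    if tag == "NOEXEC":
                        noexec = True
                    elif tag == "EXEC":
                        noexec = False
                spec = spec[tags.end():].strip()
            if not spec:
                continue
            program = os.path.basename(spec.split()[0])
            if program in ESCAPE_CAPABLE and not noexec:
                findings.append((who, spec))
    return findings

if __name__ == "__main__":
    for who, cmd in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{who}: '{cmd}' runs an editor as root with exec allowed; "
              "prefer sudoedit or NOEXEC")
```

On the constructed sample this reports the rules for alice, dave and %ops; the sudoedit rule and the NOEXEC-tagged rules pass.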


