Malwareteks: Forums / BSD/Linux/Solaris/Unix / How Safe is it to use Sudo?

Forums

Malwareteks :: Forums :: Alternate Operating Systems :: BSD/Linux/Solaris/Unix		<< Previous thread \| Next thread >>
How Safe is it to use Sudo?


Moderators: ShadowPuterDude, Greg, D3m3nt3d, Brandon, Vmarm, peterparker, siljaline, jholland1964, TurcoLoco, Windsor, JeanInMontana, KZ, RatHat, Jason Amison, MrCharlie

Author

Post

Speedy

Sat Sep 22 2007, 01:31PM

Registered Member #84

Joined: Sat Aug 04 2007, 09:49PM
Location: Seattle, Washington
Posts: 58
Thanked 0 times in 0 posts

This is a question that was brought up to me the other day and I was wondering what you think of it.

How safe is it to use Sudo? Being as it's linux, I know a lot of people automatically assume its safe, but since this grants a lot of access that only the root would normally have, wouldn't this tool make it a whole lot easier to compromise root and thus the entire system?

Using the windows mentality, I would think a lot of new users from Windows would be just using this as an end all to install anything they want, which would make it a whole lot easier to install malware on a linux box.

So basically in a nutshell, if someone compromises the regular user account, wouldn't the sudo command put them very close to being able to compromise root?

Doesn't sound very secure in my mind.

ShadowPuterDude

Sat Sep 22 2007, 07:38PM

...the Shadow knows

Registered Member #1

Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 251
Thanked 12 times in 12 posts

Any OS is only a secure as the person using it.

Since Linux user accounts are "Least Privileged" by default, any attempts to install programs to root will require user interaction and authorization to install.

[ Edited Sat Sep 22 2007, 07:39PM ]

"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006
Linux Registered User # 363218

Speedy

Wed Sep 26 2007, 09:10PM

Registered Member #84

Joined: Sat Aug 04 2007, 09:49PM
Location: Seattle, Washington
Posts: 58
Thanked 0 times in 0 posts

Interesting. I was just curious because I have never been asked for a password to use sudo.

ShadowPuterDude

Wed Sep 26 2007, 10:24PM

...the Shadow knows

Registered Member #1

Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 251
Thanked 12 times in 12 posts

Accounts with SUDO configured do not required passwords to be entered when SUDO is run.

I do not configure SUDO for any accounts on any Linux boxes I configure. This forces the user to SU and enter the root password; since only the SysAdmin will know the root pwd, no other users will be able to temporarily elevate to root privileges to install anything. This way if the user tries to run a script that attempts to SUDO, it will fail, as SUDO isn't configured for that account.

Just an added precaution I take, as I trust no one who uses a computer.

When running Linux distros that do not have root enabled by default, SUDO is the only other way to elevate privileges to install additional software, unless the SysAdmin enables root.

[ Edited Sun Sep 30 2007, 09:48AM ]

Speedy

Sun Sep 30 2007, 02:18AM

Registered Member #84

Joined: Sat Aug 04 2007, 09:49PM
Location: Seattle, Washington
Posts: 58
Thanked 0 times in 0 posts

Interesting, that is very good information to know. So on Ubuntu, does it automatically configure the user accounts for Sudo then?

ShadowPuterDude

Sun Sep 30 2007, 09:54AM

...the Shadow knows

Registered Member #1

Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 251
Thanked 12 times in 12 posts

No, you would have to configure every user that needs SUDO from the Users and Groups tool from System --> Administration menu.


Jump: Back to top