Re: Login as root/su/sudo?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Login as root/su/sudo?
- From: "Nikolai N. Fetissov" <nickf_(_at_)_peachisland_(_dot_)_com>
- Date: Tue, 8 Jun 2004 00:56:10 -0400 (EDT)
Enforced su/sudo (no direct root) do slow down an intruder
and do offer some marginal protection against mistypes,
but the main advantage here is _accountability_. Of course
sudo rm -rf /var/log/* is possible, but that's where remote
logging comes helpful.
--
nickf3, my $0.03
On Mon, 7 Jun 2004, Adam ...:
> On Mon, Jun 07, 2004 at 07:01:28PM -0400, Adam Skutt wrote:
> > Adam wrote:
> > >
> > >Except that it also helps prevent you from accidentally breaking your
> > >system. I find people who log in as root end up doing something like rm
> > >-r * to clean up some random thing they were doing, but oops, they were
> > >in /, not /root like they thought.
> > It only prevents you from doing dumb stuff like this if you actually
> > set up sudo to prevent you from running rm in certain directories.
> > That would pretty much kill its usefulness. At best, you give it a list
> > of directories you want it to avoid, but that can still be beaten using
> > "../../*" or similar.
> >
> > -- Adam Skutt
>
> No, you see all the stupid output files I used to do random_task_x can
> be created, written and owned by a regular user. So you don't run sudo
> rm -r, you just run rm -r.
>
> Adam
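
The accountability point made in this message, as an added example that is not part of the original thread: a short Python script that reads sudo entries on a remote log host, attributes each command to the invoking user, and flags denied attempts and commands that name paths under /var/log. The log lines are constructed samples in sudo's usual syslog format; the host name, user names and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines, as a remote log host would have received them.
# The shell expands /var/log/* before sudo runs, so sudo logs the real paths.
SAMPLE_LOG = """\
Jun  8 00:41:02 gw sudo:    alice : TTY=ttyp0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/pkg_add -v wget
Jun  8 00:52:17 gw sudo:      bob : TTY=ttyp1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/rm -rf /var/log/authlog /var/log/messages
Jun  8 00:53:40 gw sudo:    carol : command not allowed ; TTY=ttyp2 ; PWD=/ ; USER=root ; COMMAND=/bin/sh
Jun  8 00:54:00 gw sshd[4021]: Accepted publickey for alice from 192.0.2.10 port 4022 ssh2
"""

# One sudo syslog record: invoking user, optional error text, then key=value fields.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : (?:(?P<error>[^;=]+?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; USER=(?P<runas>\S+) ; "
    r"COMMAND=(?P<command>.*)$"
)
# A command argument that is /var/log itself or a path beneath it.
LOG_PATH_RE = re.compile(r"(?:^|\s)/var/log(?:/|\s|$)")


def parse_sudo_events(text):
    """Return one dict per sudo record; lines from other programs are skipped."""
    return [m.groupdict() for m in map(SUDO_RE.match, text.splitlines()) if m]


def accountability_report(events):
    """Group commands by the user who invoked sudo and attach review flags."""
    by_user = defaultdict(list)
    for e in events:
        flags = []
        if e["error"]:
            flags.append("DENIED: " + e["error"])
        if LOG_PATH_RE.search(e["command"]):
            flags.append("TOUCHES /var/log")
        by_user[e["user"]].append((e["ts"], e["command"], flags))
    return dict(by_user)


if __name__ == "__main__":
    for user, entries in accountability_report(parse_sudo_events(SAMPLE_LOG)).items():
        for ts, command, flags in entries:
            print(f"{ts} {user:<6} {command} {flags if flags else ''}")
```

Because the records are read from the copy on the log host, they remain available even when the files on the originating machine have been removed.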