Re: [SLUG] Ubuntu/kubuntu

From: Daniel Jarboe (daniel.jarboe@gmail.com)
Date: Wed Aug 02 2006 - 15:43:53 EDT


On 8/2/06, Levi Bard <taktaktaktaktaktaktaktaktaktak@gmail.com> wrote:
>
> > If user X can do things as root without supplying the root password
> > (because there is none) but rather his own (which he can set to whatever),
> > then the root account is no more secure than X's account.
>
> The thing is, sudo is configurable to allow users to only do certain
> things as root. For example, you can allow a user to only have root
> privileges to run apt-get. This is much more secure than giving that
> user the root password (on a system that has one).
>

Two things... in the Ubuntu setup, if you update sudoers to allow sudo only
for apt-get to run as root, you've completely locked yourself out of root
otherwise to maintain your system... without booting into single user mode
or apt-get installing a package with an installation script to give you
additional access, or taking advantage of some other exposure. So it's not
exactly that cut and dry in real-world use (though otherwise a perfectly
true statement!).

Eben's first statement, that the root account is no more secure than X's
account, is not entirely true either. If the user is running as root and executes a
trojan/worm or similar, then *Boom* sayonara sweetheart. However, if the
trojan is required to prompt the user for a password (root or user) to
escalate privileges before doing damage, then that is an additional layer of
protection over running as root. It's only as strong as the user's
suspicion "why does this task require access that only system configuration
tasks require" registering before he/she finishes answering the prompt...
but "no more secure" is far too generalized a statement.

Not trying to be overly pedantic, but it seemed worth mentioning.
~ Daniel
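As an added illustration of the two points above (not from this thread): a sudoers fragment that grants one account the apt-get-only rule Levi describes while keeping Ubuntu's default admin-group rule so the maintainer is not locked out as Daniel warns. The user name "alice" is a placeholder; the file is meant to be edited with visudo, which checks the syntax before saving.

```sudoers
# Added example, not part of the original thread. Placeholder user: alice.
# Edit with "visudo", never directly, so a syntax error cannot leave sudo unusable.

# Ubuntu's stock rule: members of the admin group keep full root access via sudo.
# Without a rule like this, the restricted rule below is the only route to root,
# and routine maintenance would require single-user mode (Daniel's point).
%admin  ALL=(ALL) ALL

# Levi's case: alice may run only the package manager as root.
# Commands in sudoers must be given by absolute path; sudo matches on that path.
Cmnd_Alias PKGMGMT = /usr/bin/apt-get
alice   ALL=(root) PKGMGMT

# No NOPASSWD tag: the password prompt is the extra layer Daniel describes,
# giving the user a moment to ask why this task needs system-level access.
# Caveat already raised above: this still trusts whatever apt-get installs,
# since a package's installation scripts run as root.
```

Checking the file after editing with `sudo visudo -c` reports whether every rule parses, and `sudo -l -U alice` shows exactly which commands the restricted account may run.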

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:33:50 EDT