On Mon, Dec 16, 2013 at 7:40 PM, Gian Uberto Lauri <sa...@eng.it> wrote:
> Joel Rees writes:
>  > On Wed, Dec 11, 2013 at 5:39 PM, Gian Uberto Lauri <sa...@eng.it> wrote:
>  > > [...]
>  > > Maybe I failed expressing that I am not completely against sudo, there
>  > > are several good sudo usages and even "caching" the authentication has
>  > > its very legitimate uses, and the -k and -K flags help a lot in this,
>  > > even if some kind of "start caching now" option could be nice...
>  > > Something to work on...
>  >
>  > Well, I'm beginning to see that what has you worried is that I might
>  > use sudo and then wander off to the facilities without issuing a sudo
>  > -K. And then the ninjas
>
> Ninja code! Non ninja person.

Well, now, I don't see caching as being an issue there. If the
attacker can grab an authenticated session out from under me in 15
seconds, he can likely do it in less than 3 seconds, and if he has the
ability to grab it, surely he has the ability to watch it?

>  > I'll admit that my son could be used as a substitute for a ninja in
>  > such a scenario. But then, it would be easier for the attacker to talk
>  > him into dropping a renamed keylogger on my desktop than to talk him
>  > into dropping a script on my desktop and running it with sudo. The
>  > keylogger postpones the result, but the probability of success is
>  > greater.
>
> If you do use only code from the official repository you could be
> reasonably safe (even if there is a reaction time between the attack
> and Debian response, and in that time you could fall victim to the
> attack).

What does sudo or the improper uses thereof have to do with that?

> But if someone is lured into running some code... Or something nasty
> slips into a not-this-controlled repository?
>
> I am thinking about code that seems useful and innocent, and maybe
> does useful and innocent work too.

And there is nothing new about that, nor is the situation particularly
exacerbated by sudo.

> And then it taints your environment. Does an extra in your .profile
> line with blank(s) worry you?

Now you're being paranoid. If an extra blank can cause a shell to go
belly up, we have worse problems than automated attacks.

> Ah, differently from the keylogger, this attack is automatic and more
> suitable for a "massive capture of zombies" than logging the
> passwords.

As far as I am aware, keyloggers are generally automatic. The
collector really does not want to leave tracks by actively watching.

Paranoia is good, but I think you're missing the target, fixated on
one tool of many that are misused regularly.

Now, I, personally, do not surf the web with any account that can use
sudo to elevate privileges -- except for GUI shutdown and automount, I
guess. I generally keep two special accounts for admin on my
workstations, one for regular use and one in case something bad
happens.

And I have one account just for accessing the banks and such.
Actually, I have one account set up so that it uses three separate
non-login-capable users, one for the banks, one for the phone
companies and ISPs and one for the credit card, but I no longer have
the credit card. :-/

Blogged about that once. Hmm:

http://reiisi.blogspot.jp/2011/08/simple-sandbox-for-firefox.html

And that blog has earned me quite a bit of criticism. Maybe
justifiable criticism.

I'd like to extend the idea, but it's going to take some tinkering
with the underlying system to make it worth the effort. And there are
other gaping holes that need to be fixed first.

I blogged once about how the OS distros should by default
automatically make three initial non-root users at the point of
install, but my personal server, where that blog and the demonstration
perl script resided, had a failure in my pocketbook and is waiting for
a transfusion of cash.

One user for surfing, one user for work and one user for admin.

Now, I'm re-thinking that as well, that the surfing user should be
constructed on-the-fly and discarded and deleted when the surfing
session is over.

Our current systems simply don't support that kind of a workflow,
except for the paranoid like me and maybe you.

-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.

