On Fri, Jan 02, 2004 at 08:55:59AM -0800, Ben Barrett wrote:
> On Thu, 1 Jan 2004 21:01:14 -0800
> Jacob Meuser <[EMAIL PROTECTED]> wrote:
>
> | On Thu, Jan 01, 2004 at 03:19:53PM -0800, Ben Barrett wrote:
> | > Ah yes, sudo is a Good Thing, although be wary of allowing "sudo su",
> | > for if you are trying to limit your normal users' actions, and get a log
> | > of what they sudo, you'll only ever see that they became root, at which
> | > point they have untrackable control.
> |
> | That's only the tip of the iceberg, so to speak. Don't forget that
> | such seemingly harmless programs as 'less' and 'more' can execute
> | commands, like "!sh".
>
> Are you talking about control-Z suspend or something else?

Something else, I'm talking about pagers executing commands. Try it:

$ touch /tmp/tmp
$ sudo less /tmp/tmp
password:
(when less starts type "!sh<enter>" without the "s)
# whoami
root
# exit
!done (press RETURN)
(back in less type "q")
$

> | The only really effective way to limit what users can do with sudo is
> | explicitly list, with full pathnames and making sure there's no way for
> | the user to modify, which programs and possibly with which arguments
> | they are allowed to sudo.
> |
> | If they run 'sudo su', that action will be logged, not only in the
> | sudo log, but also the security/login logs. The best way to stop
> | that kind of behaviour is by policy, making 'sudo su' grounds for
> | termination.
>
> That's not going to help when an attacker gets ahold of someone's password,
> then you're mostly SOL,

But when is that not the case? If the admin is using 'su', then the
admin knows and is typing root's password. You could also only allow
authentication through keys to lessen the chance of a stolen password.

> If "sudo su" is undesirable, I would say that the most effective ways to
> block that action, is as you say, allowing only a specific list of
> path/executables available for sudo'ing -- or just don't use sudo.
> Without sudo, you might take advantage of a chrooted environment, or a
> usermode linux (UML)... or something similar. Other ideas, anyone?

Usually sudo is used by admins to do system administration, in which
case, these options aren't feasible.

There are many, many options for security. I like to use group
permissions.

-- 
<[EMAIL PROTECTED]>
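The advice in this message (list commands explicitly, with full pathnames, in files the user cannot modify, and watch for su and pagers) can be checked mechanically. The following is an added example, not part of the original message: a small audit of simple sudoers rule lines. The function names, the sample users and the /opt/example paths are made up, and it assumes rules without aliases, tags or line continuations.

```python
import os
import stat

# 'less', 'more' and 'su' are the programs named in the thread; the shells
# are added here because granting them is equivalent to 'sudo su'.
ESCAPE_CAPABLE = {"less", "more", "su", "sh", "bash", "ksh", "csh"}

def audit_command(cmd):
    """Return findings for one command entry of a sudoers rule."""
    words = cmd.split()
    if not words:
        return []
    path = words[0]
    if path == "ALL":
        return ["grants every command, including su and pagers"]
    findings = []
    if not path.startswith("/"):
        findings.append("not a full pathname")
    if os.path.basename(path) in ESCAPE_CAPABLE:
        findings.append("can start a root shell")
    if path.startswith("/") and os.path.exists(path):
        # Group- or world-writable: a user could replace the program.
        if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("program file is group/world writable")
    return findings

def audit_rule(line):
    """Audit a simple 'user host = [(runas)] cmd, cmd' line.
    Assumption: no aliases, tags or line continuations."""
    _, _, cmds = line.partition("=")
    results = []
    for cmd in cmds.split(","):
        cmd = cmd.strip()
        if cmd.startswith("(") and ")" in cmd:
            cmd = cmd.split(")", 1)[1].strip()   # drop the (runas) part
        for finding in audit_command(cmd):
            results.append((cmd, finding))
    return results

# Constructed sample rules (users and paths are made up).
SAMPLE_RULES = [
    "alice ALL = ALL",
    "bob ALL = /opt/example/bin/less /var/log/messages, /opt/example/bin/su",
    "carol ALL = (root) /opt/example/sbin/apachectl restart, apachectl",
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        for cmd, finding in audit_rule(rule):
            print(f"{rule!r}: {cmd!r}: {finding}")
```

The writability check only looks at the program file's own mode bits; ownership and the permissions of parent directories are not examined.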
