-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, Feb 07, 2014 at 11:25:31AM +0200, Maxim Kammerer wrote: > On Fri, Feb 7, 2014 at 2:37 AM, Sahar Massachi <[email protected]> wrote: > > The fact that there's a "naked sudo" hole is brutal. > > > > Forgive me if I misunderstand the problem, but how could *anyone* ship a > > distribution with a passwordless sudo? That seems like it requires > > deliberate malice to even set up. > > Careful here: Tails had passwordless sudo prior to v0.11, less than 2 > years ago. So either unlimited local root access is not such a big > deal, or recommendation to use Tails is short-sighted — in either case > the report has a problem. I suggest that the report author sweeps both > issues under the carpet simultaneously using a politically correct > language referencing problems that were taken care of a long time ago, > and are not that critical to begin with.
There may be two differents things mixed here. First, recommending the use of Tails instead of uVirtus is not just related to the passwordless root access. You probably noticed by reading the report that there are numerous other issues in and around uVirtus that make Tails undoubtedly a safer (and possibly easier to use) choice. Possibly not the only choice though, as this is mentioned in the conclusion with a link to a comparative study between IprediaOS, Liberté Linux, Privatix, Tails and Whonix. The idea was to avoid just saying "Hey, you're using uVirtus, too bad for you", but to also give a link to better solutions in overall. It is a misundertanding to think that I "sweep under the carpet" the root issue and Tails at the same time: I would perform the same recommendation even without this issue. Second, on the passwordless issue itself. It may be a matter of interpretation, but considering that any executable program using "sudo" can get unlimited access seems problematic to me. As mentioned in the report, in Syria a common method of attack is to fool users in downloading and executing malicious programs disguised as something else. If one manages to have the user do this from uVirtus, it looks to me quite easy then to perform nasty stuff such as messing around with the data contained on the local hard disks. Maybe it is not so easy to do, making the issue "not that critical" as you state, in which case I think it'd be useful to justify a bit the claim. But then maybe this depends on other security features of the system you're considering, and in uVirtus the fact that this issue is surrounded by many others seems to make it quite critical. The Tails ChangeLog¹ I found for 0.11 does not seem to explain why the passwordless root was removed, but my guess would go towards security concerns. Best, KheOps ¹ https://git-tails.immerda.ch/tails/plain/debian/changelog?id=0.11 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJS9NSYAAoJEK9g/8GX/m3dz3AIAI7UyyRYH5mJbUAIAlUcGRQp cKeTneIMeAheJGiaBQm+gMypL0x8hA5Q2lioZyXGnP2NyU4OG+ktJCOSguflXDx2 9IqeKoyrS9bp6AJAY2A+a361wN28OgQr6gPc7C+s8DNDNcv6v4LksD1MphS1j01Y uHJ4OcuN1AqzvZbGK22nkAewT89qF4YzEraHoWpqlUZEh+hvxBfYScipWA/h8wMD xCU1ZZyJVyYtEOHpV15Oja1DXtLrL5Db9uizI6k8UtHEgn+KxNq6wQb66tmDiwNs 9AJAD8ndc6oz5cEkQtOaMvqVVMDyTGWJwHS7zU3Zaj6LtDJHLizAjhM2Nsz1vKY= =fj5e -----END PGP SIGNATURE----- -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
