Bug#429549: installation-report: option 'timestamp_timeout' in sudo config

2014-03-02 Thread Ian Campbell
On Sun, 2014-03-02 at 16:44 +0100, Cyril Brulebois wrote:
> Colin Watson cjwat...@debian.org (2007-06-18):
> > On Mon, Jun 18, 2007 at 10:31:39PM +0400, Dmitry E. Oboukhov wrote:
> > > The current installer has 2 options:
> > > 1. set root password
> > > 2. don't set root password
> > > In case 2, the sudo configuration file is created with the
> > > following settings:
> > >
> > > user   ALL=(ALL) ALL
> > >
> > > I suggest adding an option:
> > >
> > > timestamp_timeout 0
> > >
> > > This option will prevent root rights being obtained by a malefactor
> > > who has succeeded in getting a shell on the user account (for
> > > example through possible holes in the browser etc.)
> > >
> > > In the current case, a simple script that periodically runs 'sudo
> > > command', or a more complicated script that follows log activity in
> > > /var/log/auth and runs 'sudo command' on this log activity, can get
> > > full control of a system where sudo is configured by the installer.
> >
> > I don't think it's that simple. We tried that in Ubuntu three years
> > ago, and the net effect was that everyone got fed up of being prompted
> > for their password all the time and just ran 'sudo -s' to get a root
> > shell.  We concluded that this was not a security win once we'd
> > thought about it in more detail, and reverted it.
>
> Based on Colin's feedback, I don't think we want to add this option, so
> closing this bug report.

Also, doesn't modern sudo tie the password cache to the current (p|t)ty?
In other words, you can't run an attack loop in one session and hope to
use the password cached from another.

Ian.
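
An added example, not part of the thread and not sudo's or the installer's code: a small Python check that reads sudoers text and reports the two settings this discussion turns on, how long an authentication is cached (`Defaults timestamp_timeout=N`, in minutes) and whether the cache is per terminal or shared across the user's sessions (`tty_tickets` / `timestamp_type`). The sample file, the function name `audit_sudoers` and the fallback defaults are assumptions; only global `Defaults` lines are read.

```python
import re

# Constructed sample (not from a real system): the installer's rule from the
# report plus two global Defaults lines, one using a backslash continuation.
SAMPLE = """\
Defaults env_reset, \\
         timestamp_timeout=15
Defaults !tty_tickets
user   ALL=(ALL) ALL
"""

def audit_sudoers(text, default_timeout=5.0, default_scope="tty"):
    """Return (timeout_minutes, scope, findings) from global Defaults lines.

    default_timeout and default_scope are assumptions about the sudo build;
    a distribution may compile in other values. Scoped entries such as
    Defaults:user are ignored, and a later setting overrides an earlier one.
    """
    timeout, scope = default_timeout, default_scope
    joined = re.sub(r"\\\n", " ", text)           # join continued lines
    for line in joined.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0] != "Defaults":
            continue                               # comments, rules, scoped Defaults
        for item in (i.strip() for i in parts[1].split(",")):
            m = re.fullmatch(r"timestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)", item)
            if m:
                timeout = float(m.group(1))        # 0 = always prompt, <0 = never expire
            elif item in ("tty_tickets", "!tty_tickets"):
                scope = "tty" if item == "tty_tickets" else "global"
            else:
                m = re.fullmatch(r"timestamp_type\s*=\s*(global|ppid|tty|kernel)", item)
                if m:
                    scope = m.group(1)
    findings = []
    if timeout < 0:
        findings.append("cached authentication never expires")
    if timeout != 0 and scope == "global":
        findings.append("cached authentication is shared by all of the user's sessions")
    return timeout, scope, findings

if __name__ == "__main__":
    print(audit_sudoers(SAMPLE))
```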





Bug#429549: installation-report: option 'timestamp_timeout' in sudo config

2007-06-25 Thread Dmitry E. Oboukhov
On 22:01 Mon 18 Jun , Colin Watson wrote:
CW> On Mon, Jun 18, 2007 at 10:31:39PM +0400, Dmitry E. Oboukhov wrote:
> > The current installer has 2 options:
> > 1. set root password
> > 2. don't set root password
> > In case 2, the sudo configuration file is created with the
> > following settings:
> >
> > user   ALL=(ALL) ALL
> >
> > I suggest adding an option:
> >
> > timestamp_timeout 0
> >
> > This option will prevent root rights being obtained by a malefactor
> > who has succeeded in getting a shell on the user account (for
> > example through possible holes in the browser etc.)
> >
> > In the current case, a simple script that periodically runs 'sudo
> > command', or a more complicated script that follows log activity in
> > /var/log/auth and runs 'sudo command' on this log activity, can get
> > full control of a system where sudo is configured by the installer.

CW> I don't think it's that simple. We tried that in Ubuntu three years ago,
CW> and the net effect was that everyone got fed up of being prompted for
CW> their password all the time and just ran 'sudo -s' to get a root shell.
CW> We concluded that this was not a security win once we'd thought about it
CW> in more detail, and reverted it.

Please see the attached script. If you run this script as a user who
is set up for sudo (the installer's setup), then sooner or later the
script will create file


sudo_hack.sh
Description: Bourne shell script


Bug#429549: installation-report: option 'timestamp_timeout' in sudo config

2007-06-18 Thread Dmitry E. Oboukhov
Package: installation-reports
Version: 2.29
Severity: normal


The current installer has 2 options:
1. set root password
2. don't set root password
In case 2, the sudo configuration file is created with the
following settings:

user   ALL=(ALL) ALL

I suggest adding an option:

timestamp_timeout 0

This option will prevent root rights being obtained by a malefactor
who has succeeded in getting a shell on the user account (for
example through possible holes in the browser etc.)

In the current case, a simple script that periodically runs 'sudo
command', or a more complicated script that follows log activity in
/var/log/auth and runs 'sudo command' on this log activity, can get
full control of a system where sudo is configured by the installer.





Bug#429549: installation-report: option 'timestamp_timeout' in sudo config

2007-06-18 Thread Colin Watson
On Mon, Jun 18, 2007 at 10:31:39PM +0400, Dmitry E. Oboukhov wrote:
> The current installer has 2 options:
> 1. set root password
> 2. don't set root password
> In case 2, the sudo configuration file is created with the
> following settings:
>
> user   ALL=(ALL) ALL
>
> I suggest adding an option:
>
> timestamp_timeout 0
>
> This option will prevent root rights being obtained by a malefactor
> who has succeeded in getting a shell on the user account (for
> example through possible holes in the browser etc.)
>
> In the current case, a simple script that periodically runs 'sudo
> command', or a more complicated script that follows log activity in
> /var/log/auth and runs 'sudo command' on this log activity, can get
> full control of a system where sudo is configured by the installer.

I don't think it's that simple. We tried that in Ubuntu three years ago,
and the net effect was that everyone got fed up of being prompted for
their password all the time and just ran 'sudo -s' to get a root shell.
We concluded that this was not a security win once we'd thought about it
in more detail, and reverted it.

-- 
Colin Watson   [EMAIL PROTECTED]

