On Fri, Dec 13, 2013 at 4:50 PM, Gian Uberto Lauri sa...@eng.it wrote:
Tom H writes:
In the corporate environments where I work, we are about 70 sysadmins
in my location and about half as much in another. We all sudo to root
on our more or less 11,000 systems. So by your reckoning we have
On Sat, Dec 14, 2013 at 10:25 AM, Gian Uberto Lauri
gianuberto.la...@gmail.com wrote:
On 14/dic/2013, at 09:09, Nemeth Gyorgy fri...@freemail.hu wrote:
On 2013-12-13 17:22, John Hasler wrote:
...must have successfully authenticated
to execute a sudo command once
Within the last 15
On Mi, 18 dec 13, 13:11:30, Tom H wrote:
At home, people can run sudo bash (or more appropriately, sudo -s
or sudo -i) but we can't do that at my current job or other at my
previous jobs.
Is this requirement for logging purposes?
Kind regards,
Andrei
--
On Mon, Dec 16, 2013 at 7:40 PM, Gian Uberto Lauri sa...@eng.it wrote:
Joel Rees writes:
On Wed, Dec 11, 2013 at 5:39 PM, Gian Uberto Lauri sa...@eng.it wrote:
[...]
Maybe I failed expressing that I am not completely against sudo, there
are several good sudo usages and even caching
On Wed, Dec 11, 2013 at 5:39 PM, Gian Uberto Lauri sa...@eng.it wrote:
[...]
Maybe I failed expressing that I am not completely against sudo, there
are several good sudo usages and even caching the authentication has
its very legitimate uses, and the -k and -K flags help a lot in this,
even
Joel Rees writes:
On Wed, Dec 11, 2013 at 5:39 PM, Gian Uberto Lauri sa...@eng.it wrote:
[...]
Maybe I failed expressing that I am not completely against sudo, there
are several good sudo usages and even caching the authentication has
its very legitimate uses, and the -k and -K flags
On Wed, Dec 11, 2013 at 8:28 PM, Chris Bannister
cbannis...@slingshot.co.nz wrote:
On Tue, Dec 10, 2013 at 11:50:00PM +0100, Gian Uberto Lauri wrote:
What makes root special is not the name but the numerical user id and group
id, both set to zero. See /etc/passwd.
Don't you have to be logged
On 2013-12-13 17:22, John Hasler wrote:
...must have successfully authenticated
to execute a sudo command once
Within the last 15 minutes.
... from the same terminal. Don't forget this criteria because it is
important.
--
--- Friczy ---
'Death is not a bug, it's a feature'
--
The same terminal or the same shell?
--
Gian Uberto Lauri
Message sent from a tablet
On 14/dic/2013, at 09:09, Nemeth Gyorgy fri...@freemail.hu wrote:
On 2013-12-13 17:22, John Hasler wrote:
...must have successfully authenticated
to execute a sudo command once
Within the
On Wed, Dec 11, 2013 at 02:13:18PM +0100, Gian Uberto Lauri wrote:
Chris Bannister writes:
This is in a tty, so don't know what will happen in an xterm or other
virtual terminal.
The virtual terminals usually honour ANSI escape sequences. For sure
xterm, the rxvt family and the
Bob Proulx writes:
Gian Uberto Lauri wrote:
Bob Proulx writes:
How would this be accomplished? (Answer cannot contain a use of sudo!
No circular logic please.)
...
Right. Because normal users can't change the system time.
Sorry, wrong. With 'folk ALL=(ALL) ALL',
On Tue, Dec 10, 2013 at 7:59 AM, Gian Uberto Lauri sa...@eng.it wrote:
Tom H writes:
On Mon, Dec 9, 2013 at 8:09 AM, Gian Uberto Lauri sa...@eng.it wrote:
If some users needed to have the root power for a small set of
operation, then sudo would give them that exact power, no more no
less.
On Wed, Dec 11, 2013 at 10:56 PM, Ralf Mardorf
ralf.mard...@alice-dsl.net wrote:
http://www.paritynews.com/2013/03/05/762/sudo-authentication-bypass-vulnerability-emerges/
But note! The Chaos Computer Club does publish howtos using sudo on
Linux: http://muc.ccc.de/uberbus:ubd
I don't think
On Thu, Dec 12, 2013 at 9:40 AM, Gian Uberto Lauri sa...@eng.it wrote:
Bob Proulx writes:
Right. Because normal users can't change the system time.
Sorry, wrong. With 'folk ALL=(ALL) ALL', user folk can run as root ANY
program including 'date -s'. Or at least 'sudo bash', and then live
Tom H writes:
...must have successfully authenticated
to execute a sudo command once
Within the last 15 minutes.
...and it must be possible for users to modify the system time without
entering a password.
Which is, of course, not the case on Debian.
--
John Hasler
jhas...@newsguy.com
Tom H writes:
In the corporate environments where I work, we are about 70 sysadmins
in my location and about half as much in another. We all sudo to root
on our more or less 11,000 systems. So by your reckoning we have 100
critical accounts but that's not how our internal and external
Tom H writes:
On Thu, Dec 12, 2013 at 9:40 AM, Gian Uberto Lauri sa...@eng.it wrote:
Bob Proulx writes:
Right. Because normal users can't change the system time.
Sorry, wrong. With 'folk ALL=(ALL) ALL', user folk can run as root ANY
program including 'date -s'. Or at least
Iain M Conochie writes:
On 11/12/13 08:01, Gian Uberto Lauri wrote:
Encrypt your hard disk.
Hoping that the encryption you use has no backdoor.
You do understand what the peer review process is right?
I got it about 20 years ago. Is it enough?
Although not a
magic bullet,
Ralf Mardorf writes:
http://www.paritynews.com/2013/03/05/762/sudo-authentication-bypass-vulnerability-emerges/
The attack described in the post is the kind of hijack I thought
about.
But note! The Chaos Computer Club does publish howtos using sudo on
Linux: http://muc.ccc.de/uberbus:ubd
Bob Proulx writes:
Right. Because normal users can't change the system time.
Sorry, wrong. With 'folk ALL=(ALL) ALL', user folk can run as root ANY
program including 'date -s'. Or at least 'sudo bash', and then live
happy with a shell executed with the root id.
If your /etc/sudoers contains
On Thu, 2013-12-12 at 10:40 +0100, Gian Uberto Lauri wrote:
sudo date 2101
and feel younger ;)
That's a shoddy trick. I always wonder about that man:
Foreman said he had no plans to resume his career as a boxer, but then
announced in February 2004 that he was training for one more
On 12/12/13 08:20, Gian Uberto Lauri wrote:
Iain M Conochie writes:
On 11/12/13 08:01, Gian Uberto Lauri wrote:
Encrypt your hard disk.
Hoping that the encryption you use has no backdoor.
You do understand what the peer review process is right?
I got it about 20 years ago.
Iain M Conochie writes:
I got it about 20 years ago. Is it enough?
Maybe - just maybe ;)
Indeed, never be sure! :)
You say it. It is not bullet proof. The bullet has already pierced the
target once. Therefore it may happen again.
May - but not assured.
Indeed. You usually prepare
On 12/12/13 11:43, Gian Uberto Lauri wrote:
Iain M Conochie writes:
I got it about 20 years ago. Is it enough?
Maybe - just maybe ;)
Indeed, never be sure! :)
You say it. It is not bullet proof. The bullet has already pierced the
target once. Therefore it may happen again.
On Sun, Dec 08, 2013 at 09:09:53PM -0500, Neal Murphy wrote:
On Sunday, December 08, 2013 07:27:41 PM Andrei POPESCU wrote:
On Du, 08 dec 13, 19:14:49, Neal Murphy wrote:
For me, I usually set up 'sudo su'
sudo has the '-s' and '-i' switches, why mix with 'su'?
Kind regards,
On Thu, 12 Dec 2013 22:14:50 +0900
Osamu Aoki osamu_aoki_h...@nifty.com wrote:
On Sun, Dec 08, 2013 at 09:09:53PM -0500, Neal Murphy wrote:
On Sunday, December 08, 2013 07:27:41 PM Andrei POPESCU wrote:
On Du, 08 dec 13, 19:14:49, Neal Murphy wrote:
For me, I usually set up 'sudo su'
On Thu, 2013-12-12 at 22:14 +0900, Osamu Aoki wrote:
'sudo sh' is as easy on finger (no shift) and do not feel as bad.
Doesn't it have any side-effects?
I wonder about the prompt of an Arch Linux install.
[rocketmouse@archlinux ~]$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Aug 25 14:06 /bin/sh
Gian Uberto Lauri wrote:
Bob Proulx writes:
How would this be accomplished? (Answer cannot contain a use of sudo!
No circular logic please.)
...
Right. Because normal users can't change the system time.
Sorry, wrong. With 'folk ALL=(ALL) ALL', user folk can run as root ANY
That is
Encrypt your hard disk.
Hoping that the encryption you use has no backdoor.
Choose a *very* good password.
For the encryption, I suppose. That once one has his hands on the
hardware there is no user/prom/bios password stopping his intrusion.
Unless they are a honey trap - and then you
Brian writes:
We do not worry about serious, unpublicised exploits. Their existence is
of little consequence for your argument as your attackers would not
know about them.
Are you kidding?
If what you are referring to is what I think it is then no machines were
ever harmed. Not that
Ralf Mardorf writes:
On Di, 2013-12-10 at 23:54 +0100, Gian Uberto Lauri wrote:
Clever attacks manifest themselves a long time after the infection in
order
to poison backups. And backup media may fail when they are most needed.
That's an effect of Murphy's law :).
Read about my
On Tue, Dec 10, 2013 at 11:50:00PM +0100, Gian Uberto Lauri wrote:
What makes root special is not the name but the numerical user id and group
id, both set to zero. See /etc/passwd.
Don't you have to be logged in to do that?
The issue was that there would be only one exploitable account, if
On Wed, 2013-12-11 at 09:39 +0100, Gian Uberto Lauri wrote:
Let's suppose that Debian+Ubuntu get the largest share of the
installed end user desktops.
The tendency is that seemingly newbies start using pre-build Linux
environments and use Linux as they would use Windows, IOW without
On Tue, Dec 10, 2013 at 11:11:34PM +, Lisi Reisz wrote:
On Tuesday 10 December 2013 06:39:17 Tom H wrote:
You can't trust yourself with sudo but you can trust yourself with
su or login root access...
I have to make a conscious effort to become root. This reduces the
risk that I will
Chris Bannister writes:
On Tue, Dec 10, 2013 at 11:50:00PM +0100, Gian Uberto Lauri wrote:
What makes root special is not the name but the numerical user id and
group id, both set to zero. See /etc/passwd.
Don't you have to be logged in to do that?
Gentleman???
I was simply
Ralf Mardorf writes:
On Wed, 2013-12-11 at 09:39 +0100, Gian Uberto Lauri wrote:
Let's suppose that Debian+Ubuntu get the largest share of the
installed end user desktops.
The tendency is that seemingly newbies start using pre-build Linux
environments and use Linux as they would use
Chris Bannister writes:
This is in a tty, so don't know what will happen in an xterm or other
virtual terminal.
The virtual terminals usually honour ANSI escape sequences. For sure
xterm, the rxvt family and the libvte-based ones do.
But with virtual terminals you can do something like
On Wed, 2013-12-11 at 14:07 +0100, Gian Uberto Lauri wrote:
It happens that appliances are called back by manufacturers due safety
issues.
Debian and other distros provide security updates _and_ much more
important, analog to a product callback, homepages with news about the
distro. You need to
Ralf Mardorf writes:
On Wed, 2013-12-11 at 14:07 +0100, Gian Uberto Lauri wrote:
It happens that appliances are called back by manufacturers due safety
issues.
Debian and other distros provide security updates _and_ much more
important, analog to a product callback, homepages with
On Wed 11 Dec 2013 at 09:11:56 +0100, Gian Uberto Lauri wrote:
Brian writes:
We do not worry about serious, unpublicised exploits. Their existence is
of little consequence for your argument as your attackers would not
know about them.
Are you kidding?
About attackers being unable
On Wed, 2013-12-11 at 15:33 +0100, Gian Uberto Lauri wrote:
You need to inform yourself, to know that there's a callback for
the danger to life baby bottle.
Ouch, InsufficentEnglishSkillException! Could you help me please :)
Assumed a baby bottle does poison the milk, because they use
Gentleman, the exploits are unknown to you, not to the black market that
supplies
those investing in not perfectly legitimate software. Should I quote stuxnet
one more time or you took the time to read how it reached its
not-network-connected intended targets?
--
Gian Uberto Lauri
Messaggio
On 11/12/13 08:01, Gian Uberto Lauri wrote:
Encrypt your hard disk.
Hoping that the encryption you use has no backdoor.
You do understand what the peer review process is right? Although not a
magic bullet, it can help weed this out.
Choose a *very* good password.
For the encryption, I
On Wed 11 Dec 2013 at 21:04:48 +0100, Gian Uberto Lauri wrote:
Gentleman, the exploits are unknown to you, not to the black market
that supplies those investing in not perfectly legitimate software.
Should I quote stuxnet one more time or you took the time to read how
it reached its
http://www.paritynews.com/2013/03/05/762/sudo-authentication-bypass-vulnerability-emerges/
But note! The Chaos Computer Club does publish howtos using sudo on
Linux: http://muc.ccc.de/uberbus:ubd
I don't think the Chaos Computer Club folks would write a howto using
sudo, if sudo would be a
Ralf Mardorf wrote:
http://www.paritynews.com/2013/03/05/762/sudo-authentication-bypass-vulnerability-emerges/
In the article:
... it must be possible for users to modify the system time without
entering a password.
How would this be accomplished? (Answer cannot contain a use of sudo!
No
Ralf Mardorf writes:
On Wed, 2013-12-11 at 15:33 +0100, Gian Uberto Lauri wrote:
You need to inform yourself, to know that there's a callback for
the danger to life baby bottle.
Ouch, InsufficentEnglishSkillException! Could you help me please :)
Assumed a baby bottle
Tom H writes:
On Mon, Dec 9, 2013 at 8:09 AM, Gian Uberto Lauri sa...@eng.it wrote:
If some users needed to have the root power for a small set of
operation, then sudo would give them that exact power, no more no
less.
What are the benefits of The Macintosh/Ubuntu use of sudo?
Andrei POPESCU writes:
On Lu, 09 dec 13, 18:13:07, Gian Uberto Lauri wrote:
Andrei POPESCU writes:
On Lu, 09 dec 13, 10:56:22, Gian Uberto Lauri wrote:
sudo makes it a bit worse. Any user account opens the door to the root
account. Therefore you have to guard a larger
On Tue, 2013-12-10 at 08:47 +0100, Gian Uberto Lauri wrote:
Ralf Mardorf writes:
I know they hack servers, but was the Linux home PC of anybody on this
list ever hacked?
How could you detect? Are you sure you have the skills to detect this?
It's possible to e.g. monitor network traffic,
Ralf Mardorf writes:
On Tue, 2013-12-10 at 08:47 +0100, Gian Uberto Lauri wrote:
Ralf Mardorf writes:
I know they hack servers, but was the Linux home PC of anybody on this
list ever hacked?
How could you detect? Are you sure you have the skills to detect this?
It's
On Tue, 2013-12-10 at 12:08 +0100, Gian Uberto Lauri wrote:
Or not, at least until someone else wants your cpu-power, and in that
case you could find yourself left with no other option that cutting
the cables and reinstall.
It's not CPU power I would notice or that would cause issues. Many
* On 2013 10 Dec 05:10 -0600, Gian Uberto Lauri wrote:
That's the point. Current sudo default configuration is bad. That
does not mean that the whole sudo program is bad (except that for
Italian speakers it smells(*) :)). Does not add security but adds
potential harms.
Have you filed a
Nate Bargmann writes:
* On 2013 10 Dec 05:10 -0600, Gian Uberto Lauri wrote:
Have you filed a wishlist bug report against the sudo package explaining
your concerns about the defaults and suggesting better defaults? It's
not likely that the sudo package maintainer is reading this list so
* On 2013 10 Dec 08:32 -0600, Gian Uberto Lauri wrote:
If your complaint is simply that Debian even allows the option of a
single user account with sudo enabled rather than forcing separate root
and user accounts, then even I would resist the removal of the option.
Forgive me,
Nate Bargmann writes:
* On 2013 10 Dec 08:32 -0600, Gian Uberto Lauri wrote:
If your complaint is simply that Debian even allows the option of a
single user account with sudo enabled rather than forcing separate root
and user accounts, then even I would resist the removal of
* On 2013 10 Dec 10:12 -0600, Gian Uberto Lauri wrote:
Nate Bargmann writes:
* On 2013 10 Dec 08:32 -0600, Gian Uberto Lauri wrote:
If your complaint is simply that Debian even allows the option of a
single user account with sudo enabled rather than forcing separate
root
Ralf Mardorf writes:
bad luck, but not for me. If somebody would
break my Linux, I would restore it from a backup.
I would not stay on this not my problem stance[*], and I would not
trust backups as an absolute safety.
I don't understand why sudo should be less safe.
Because its standard
Nate Bargmann writes:
I did a Wheezy install on Sunday and, yes, leaving the root password
fields empty in the installer results in the first user account being in
the sudo group.
Uh, really does it leave root account password-less? Or disables
logging in as root ?
--
/\ ___
Gian Uberto Lauri writes:
Some of your argument seems to suggest that the Debian installer should
not offer the option of leaving the root password blank
Gian Uberto Lauri
IT DOES? AAARGH!
It *disables* the root account. Thus there is only one vulnerable
account.
--
John Hasler
On Tuesday, December 10, 2013 11:15:26 AM John Hasler wrote:
Gian Uberto Lauri writes:
Some of your argument seems to suggest that the Debian installer should
not offer the option of leaving the root password blank
Gian Uberto Lauri
IT DOES? AAARGH!
It *disables* the root
Gian Uberto Lauri writes:
Uh, really does it leave root account password-less? Or disables
logging in as root ?
It disables the root account.
--
John Hasler
jhas...@newsguy.com
Elmwood, WI USA
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe.
* On 2013 10 Dec 11:01 -0600, Gian Uberto Lauri wrote:
Nate Bargmann writes:
I did a Wheezy install on Sunday and, yes, leaving the root password
fields empty in the installer results in the first user account being in
the sudo group.
Uh, really does it leave root account
John Hasler writes:
It *disables* the root account. Thus there is only one vulnerable
account.
Phew :)
--
/\ ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_ African word
//--\| | \| | Integralista GNUslamico
y...@marupa.net writes:
Not only that, but now whoever seeks to compromise your account has the
added
challenge of figuring out just what, exactly, the name of the
account is.
Usually attackers first try to enter -possibly using a faulty
service-, then to exploit some vulnerability.
Nate Bargmann writes:
* On 2013 10 Dec 11:01 -0600, Gian Uberto Lauri wrote:
Nate Bargmann writes:
I did a Wheezy install on Sunday and, yes, leaving the root password
fields empty in the installer results in the first user account being in
the sudo group.
Uh, really
On 10/12/13 16:56, Gian Uberto Lauri wrote:
snip
Physical security is indeed an issue. When attackers can put their
greedy hands on a computer there is nothing to stop them :)
Encrypt your hard disk. Choose a *very* good password. That will slow
them down, if not halt them. But it depends on
On Tue 10 Dec 2013 at 18:23:21 +0100, Gian Uberto Lauri wrote:
y...@marupa.net writes:
Not only that, but now whoever seeks to compromise your account has the
added
challenge of figuring out just what, exactly, the name of the
account is.
Usually attackers first try to enter
On Tue 10 Dec 2013 at 11:18:17 -0600, y...@marupa.net wrote:
On Tuesday, December 10, 2013 11:15:26 AM John Hasler wrote:
Gian Uberto Lauri writes:
Some of your argument seems to suggest that the Debian installer should
not offer the option of leaving the root password blank
Gian
On Di, 2013-12-10 at 17:56 +0100, Gian Uberto Lauri wrote:
I would not trust backups as an absolute safety
You don't trust backups? Why?
Regards,
Ralf
PS: I make complete backups, IOW I backup everything, don't sync, but
make complete new backups nearly daily. At the end of a month I delete
On Di, 2013-12-10 at 19:46 +, Brian wrote:
The English is fine but I wish I understood the implications of 0:0.
root:root?
On Tue 10 Dec 2013 at 22:04:00 +0100, Ralf Mardorf wrote:
On Di, 2013-12-10 at 19:46 +, Brian wrote:
The English is fine but I wish I understood the implications of 0:0.
root:root?
More than likely; but its significance in the context it was given still
escapes me. (Probably because
I was guessing that it referred to Display 0:0 of the X server as the
discussion centered on running X as root at one point.
- Nate
--
The optimist proclaims that we live in the best of all
possible worlds. The pessimist fears this is true.
Ham radio, Linux, bikes, and more:
On Tue 10 Dec 2013 at 15:32:57 -0600, Nate Bargmann wrote:
I was guessing that it referred to Display 0:0 of the X server as the
discussion centered on running X as root at one point.
May I withdraw my More than likely? There has to be a time when the
guessing has to cease,
On Di, 2013-12-10 at 21:44 +, Brian wrote:
On Tue 10 Dec 2013 at 15:32:57 -0600, Nate Bargmann wrote:
I was guessing that it referred to Display 0:0 of the X server as the
discussion centered on running X as root at one point.
May I withdraw my More than likely? There has to be a time
On Tuesday 10 December 2013 16:50:54 Nate Bargmann wrote:
I presume that entering a password in those fields results in root
having its own password and the first user account not being a
member of the sudo group.
That is what I assumed, but as a result of this thread I just tested.
I have
On 10/dic/2013, at 20:46, Brian a...@cityscape.co.uk wrote:
Quite possibly this is a technique which is tried but, in a default
install, Debian does not provide any faulty services.
You are never sure about not-yet publicized exploits.
And some time ago there was a problem with some ssh
Clever attacks manifest themselves a long time after the infection in order
to poison backups. And backup media may fail when they are most needed.
That's an effect of Murphy's law :).
--
Gian Uberto Lauri
Message sent from a tablet
On 10/dic/2013, at 21:54, Ralf Mardorf
On Tuesday 10 December 2013 06:39:17 Tom H wrote:
You can't trust yourself with sudo but you can trust yourself with
su or login root access...
I have to make a conscious effort to become root. This reduces the
risk that I will accidentally do something extra foolish. I do not
have root
On Tuesday, December 10, 2013 05:56:24 PM Lisi Reisz wrote:
On Tuesday 10 December 2013 16:50:54 Nate Bargmann wrote:
I presume that entering a password in those fields results in root
having its own password and the first user account not being a
member of the sudo group.
That is what I
On Tue 10 Dec 2013 at 23:50:00 +0100, Gian Uberto Lauri wrote:
On 10/dic/2013, at 20:46, Brian a...@cityscape.co.uk wrote:
Quite possibly this is a technique which is tried but, in a default
install, Debian does not provide any faulty services.
You are never sure about not-yet
On Di, 2013-12-10 at 23:54 +0100, Gian Uberto Lauri wrote:
Clever attacks manifest themselves a long time after the infection in order
to poison backups. And backup media may fail when they are most needed.
That's an effect of Murphy's law :).
Read about my backup strategy below. Only one time
Lisi Reisz writes:
On Saturday 07 December 2013 21:36:30 Bob Proulx wrote:
If you look back in the mailing list archives you will find a
recent discussion where there were some people who didn't like
sudo. I was shocked by that because I always thought that most
people liked it.
On Lu, 09 dec 13, 09:09:11, Gian Uberto Lauri wrote:
What are the benefits of The Macintosh/Ubuntu use of sudo? Improved
security? Are you kidding? Whatever the user I compromise I have root
access, just type sudo bash.
sudo doesn't make this worse, just slightly easier. Compromising any
Andrei POPESCU writes:
On Lu, 09 dec 13, 09:09:11, Gian Uberto Lauri wrote:
What are the benefits of The Macintosh/Ubuntu use of sudo? Improved
security? Are you kidding? Whatever the user I compromise I have root
access, just type sudo bash.
sudo doesn't make this worse, just
On 2013-12-09 10:56, Gian Uberto Lauri wrote:
sudo makes it a bit worse. Any user account opens the door to the root
account. Therefore you have to guard a larger perimeter.
This is not true. Only the user account which is in /etc/sudoers can use
the sudo command. In Debian default it
Gian Uberto Lauri writes:
sudo makes it a bit worse. Any user account opens the door to the root
account. Therefore you have to guard a larger perimeter.
Ubuntu grants sudo privileges only to the first user account created.
As there is no root account, there is just one account with root
Nemeth Gyorgy writes:
On 2013-12-09 10:56, Gian Uberto Lauri wrote:
sudo makes it a bit worse. Any user account opens the door to the root
account. Therefore you have to guard a larger perimeter.
This is not true. Only the user account which is in /etc/sudoers can use
the
John Hasler writes:
Gian Uberto Lauri writes:
sudo makes it a bit worse. Any user account opens the door to the root
account. Therefore you have to guard a larger perimeter.
Ubuntu grants sudo privileges only to the first user account created.
As there is no root account, there is
On 2013-12-09 14:43, Gian Uberto Lauri wrote:
This is not true. Only the user account which is in /etc/sudoers can use
the sudo command. In Debian default it actually means the members of the
sudo group.
AFAIK it means those listed in /etc/sudoers, according to the
behaviour
On Lu, 09 dec 13, 10:56:22, Gian Uberto Lauri wrote:
sudo makes it a bit worse. Any user account opens the door to the root
account. Therefore you have to guard a larger perimeter.
Could you please elaborate on this? In Debian's default configuration
this is simply not true.
Andrei POPESCU writes:
On Lu, 09 dec 13, 10:56:22, Gian Uberto Lauri wrote:
sudo makes it a bit worse. Any user account opens the door to the root
account. Therefore you have to guard a larger perimeter.
Could you please elaborate on this? In Debian's default configuration
On Mon, 2013-12-09 at 18:13 +0100, Gian Uberto Lauri wrote:
Think about this scenario: someone devises a clever way to slip a
Trojan in a user account.
Then the trojan has got user privileges only. If it's a key logger it
can read what password you type for sudo, but also what you type for su.
On Mon, Dec 9, 2013 at 8:09 AM, Gian Uberto Lauri sa...@eng.it wrote:
Lisi Reisz writes:
On Saturday 07 December 2013 21:36:30 Bob Proulx wrote:
If you look back in the mailing list archives you will find a
recent discussion where there were some people who didn't like
sudo. I was shocked
On Mon, Dec 9, 2013 at 9:56 AM, Gian Uberto Lauri sa...@eng.it wrote:
Andrei POPESCU writes:
On Lu, 09 dec 13, 09:09:11, Gian Uberto Lauri wrote:
What are the benefits of The Macintosh/Ubuntu use of sudo? Improved
security? Are you kidding? Whatever the user I compromise I have root
access,
On Monday 09 December 2013 18:55:33 Tom H wrote:
Yes, I don't like it and always want a root password. As you
say, this is and has been contentious.
Having a password for root and having sudo installed and set up
isn't an either/or proposition.
We have already agreed surely that horses
On Lu, 09 dec 13, 18:13:07, Gian Uberto Lauri wrote:
Andrei POPESCU writes:
On Lu, 09 dec 13, 10:56:22, Gian Uberto Lauri wrote:
sudo makes it a bit worse. Any user account opens the door to the root
account. Therefore you have to guard a larger perimeter.
Could you please
On Mon, Dec 9, 2013 at 10:38 PM, Lisi Reisz lisi.re...@gmail.com wrote:
On Monday 09 December 2013 18:55:33 Tom H wrote:
Yes, I don't like it and always want a root password. As you
say, this is and has been contentious.
Having a password for root and having sudo installed and set up
isn't
Ralf Mardorf writes:
On Mon, 2013-12-09 at 18:13 +0100, Gian Uberto Lauri wrote:
Think about this scenario: someone devises a clever way to slip a
Trojan in a user account.
Then the trojan has got user privileges only. If it's a key logger it
can read what password you type for
On Saturday 07 December 2013 21:36:30 Bob Proulx wrote:
If you look back in the mailing list archives you will find a
recent discussion where there were some people who didn't like
sudo. I was shocked by that because I always thought that most
people liked it.
Yes, I don't like it and always