Re: sudo and UNIXes

2013-11-03 Thread Joe Pfeiffer
Curt cu...@free.fr writes:

 On 2013-11-02, Joe Pfeiffer pfeif...@cs.nmsu.edu wrote:
 
 Again -- isn't basically equivalent to giving everyone uid=0.  Permits
 someone who *has* sudo access to avoid retyping a password.

 Not only that. Permits someone who already has sudo access to continue
 having such access indefinitely, ignoring being excluded from sudoers
 altogether.

 You made a specific claim, that sudo without patches is basically
 equivalent to giving everyone uid=0.  You have yet to say anything that
 even begins to substantiate that claim.


 How about this bug:

 http://www.sudo.ws/sudo/alerts/sudo_debug.html
  
  Impact: Successful exploitation of the bug will allow a user to run arbitrary
  commands as root.

  Exploitation of the bug does not require that the attacker be listed in the
  sudoers file. As such, we strongly suggest that affected sites upgrade from
  affected sudo versions as soon as possible. 

OK, there has been a bug that will cause the claimed behavior if the
sysadmin updated his system between February and November 2011 but not
since, and you've got a seriously malicious user.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1bvc09paki@snowball.wb.pfeifferfamily.net



Re: sudo and UNIXes

2013-11-03 Thread Joe Pfeiffer
Reco recovery...@gmail.com writes:

  Hi.

 On Sat, 2 Nov 2013 11:46:48 -0500
 Cybe R. Wizard cybe_r_wiz...@earthlink.net wrote:
  How about this bug:
  
  http://www.sudo.ws/sudo/alerts/sudo_debug.html
   
   Impact: Successful exploitation of the bug will allow a user to run
  arbitrary commands as root.
  
   Exploitation of the bug does not require that the attacker be listed
  in the sudoers file. As such, we strongly suggest that affected sites
  upgrade from affected sudo versions as soon as possible. 
  
 How valid is that considering that Wheezy is using sudo
 version 1.8.5p2-1+nmu1 ?

 Perfectly valid, considering that this part of thread is about using
 sudo in the UNIX environment, not Linux one.


 May I assume that there are still a lot of non-upgraded machines out there?

 Depends. For example, AIX 5, 6 and 7 all have sudo-1.6.7p5-3 (the only
 version built officially by IBM). Unless you build sudo from the source
 - no upgrades for you.
 Solaris 11.1 has sudo-1.8.6.7 out of the box.

Note that neither of these is subject to vulnerability in the bug
report.


Archive: http://lists.debian.org/1br4axpaik@snowball.wb.pfeifferfamily.net



Re: sudo and UNIXes

2013-11-02 Thread Curt
On 2013-11-02, Joe Pfeiffer pfeif...@cs.nmsu.edu wrote:
 
 Again -- isn't basically equivalent to giving everyone uid=0.  Permits
 someone who *has* sudo access to avoid retyping a password.

 Not only that. Permits someone who already has sudo access to continue
 having such access indefinitely, ignoring being excluded from sudoers
 altogether.

 You made a specific claim, that sudo without patches is basically
 equivalent to giving everyone uid=0.  You have yet to say anything that
 even begins to substantiate that claim.


How about this bug:

http://www.sudo.ws/sudo/alerts/sudo_debug.html
 
 Impact: Successful exploitation of the bug will allow a user to run arbitrary
 commands as root.

 Exploitation of the bug does not require that the attacker be listed in the
 sudoers file. As such, we strongly suggest that affected sites upgrade from
 affected sudo versions as soon as possible. 


Archive: http://lists.debian.org/slrnl7a6ss.2cf.cu...@einstein.electron.org



Re: sudo and UNIXes

2013-11-02 Thread Cybe R. Wizard
On Sat, 2 Nov 2013 15:34:13 + (UTC)
Curt cu...@free.fr wrote:

 On 2013-11-02, Joe Pfeiffer pfeif...@cs.nmsu.edu wrote:
  
  Again -- isn't basically equivalent to giving everyone uid=0.
  Permits someone who *has* sudo access to avoid retyping a
  password.
 
  Not only that. Permits someone who already has sudo access to
  continue having such access indefinitely, ignoring being excluded
  from sudoers altogether.
 
  You made a specific claim, that sudo without patches is basically
  equivalent to giving everyone uid=0.  You have yet to say anything
  that even begins to substantiate that claim.
 
 
 How about this bug:
 
 http://www.sudo.ws/sudo/alerts/sudo_debug.html
  
  Impact: Successful exploitation of the bug will allow a user to run
 arbitrary commands as root.
 
  Exploitation of the bug does not require that the attacker be listed
 in the sudoers file. As such, we strongly suggest that affected sites
 upgrade from affected sudo versions as soon as possible. 
 
How valid is that considering that Wheezy is using sudo
version 1.8.5p2-1+nmu1 ?  May I assume that there are still a lot of
non-upgraded machines out there?  Maybe best advice would be to upgrade
their whole Debian.

Cybe R. Wizard
-- 
Nice computers don't go down.
Larry Niven, Steven Barnes
The Barsoom Project


Archive: http://lists.debian.org/20131102114648.190b3d4d.cybe_r_wiz...@earthlink.net



Re: sudo and UNIXes

2013-11-02 Thread Curt
On 2013-11-02, Cybe R. Wizard cybe_r_wiz...@earthlink.net wrote:
 http://www.sudo.ws/sudo/alerts/sudo_debug.html
  
  Impact: Successful exploitation of the bug will allow a user to run
 arbitrary commands as root.
 
  Exploitation of the bug does not require that the attacker be listed
 in the sudoers file. As such, we strongly suggest that affected sites
 upgrade from affected sudo versions as soon as possible. 
 
 How valid is that considering that Wheezy is using sudo
 version 1.8.5p2-1+nmu1 ?  May I assume that there are still a lot of
 non-upgraded machines out there?  Maybe best advice would be to upgrade
 their whole Debian.

I thought we were talking about people running unpatched sudos in
distros where the program isn't included in the official repositories of
packages and therefore gets no security updates (or something)?


Archive: http://lists.debian.org/slrnl7ad5p.37q.cu...@einstein.electron.org



Re: sudo and UNIXes

2013-11-02 Thread Reco
 Hi.

On Sat, 2 Nov 2013 11:46:48 -0500
Cybe R. Wizard cybe_r_wiz...@earthlink.net wrote:
  How about this bug:
  
  http://www.sudo.ws/sudo/alerts/sudo_debug.html
   
   Impact: Successful exploitation of the bug will allow a user to run
  arbitrary commands as root.
  
   Exploitation of the bug does not require that the attacker be listed
  in the sudoers file. As such, we strongly suggest that affected sites
  upgrade from affected sudo versions as soon as possible. 
  
 How valid is that considering that Wheezy is using sudo
 version 1.8.5p2-1+nmu1 ?

Perfectly valid, considering that this part of thread is about using
sudo in the UNIX environment, not Linux one.


 May I assume that there are still a lot of non-upgraded machines out there?

Depends. For example, AIX 5, 6 and 7 all have sudo-1.6.7p5-3 (the only
version built officially by IBM). Unless you build sudo from the source
- no upgrades for you.
Solaris 11.1 has sudo-1.8.6.7 out of the box.


 Maybe best advice would be to upgrade their whole Debian.

That's a neat idea (I sure view transition from HP-UX to Debian as an
upgrade, same for AIX), but most of the time if people bought that
hardware - they intend to use it with stock OS, not Linux.

Reco


Archive: http://lists.debian.org/20131102220500.049af9c284e6295963b50...@gmail.com
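
A version triage helper for the versions quoted above (Wheezy's sudo 1.8.5p2-1+nmu1, AIX's sudo-1.6.7p5-3, Solaris 11.1's sudo-1.8.6.7), added here as an example; it is not code from this thread or from the sudo project. It parses sudo version strings, including the first line of `sudo -V` output and the vendor suffixes seen above, and compares them against the upstream affected ranges published in the sudo.ws alerts for the sudo_debug format-string bug (CVE-2012-0809, sudo 1.8.0 through 1.8.3p1) and for CVE-2013-1775 (sudo 1.6.0 through 1.7.10p6 and 1.8.0 through 1.8.6p6). CVE-2010-0427, also raised in the thread, is left out of the table because, as Lars notes, exposure depends on configuration as well as version. Two assumptions are labelled in the code: that Solaris's dotted fourth component is the upstream patch level (1.8.6.7 is 1.8.6p7), and that a vendor may backport a fix without bumping the upstream version, as Debian routinely does through package revisions, which is why the check takes an explicit list of vendor-fixed CVEs and why a match is a triage signal rather than proof of exposure. The host inventory at the bottom is constructed sample input.

```python
"""Triage installed sudo versions against upstream affected ranges.

Added example; not code from the thread or from the sudo project.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, micro, patchlevel)

# Upstream affected ranges (inclusive) as published in the sudo.ws alerts.
# Entries: (CVE, short title, first affected, last affected).
AFFECTED_RANGES = [
    ("CVE-2012-0809", "format string in sudo_debug", "1.8.0", "1.8.3p1"),
    ("CVE-2013-1775", "authentication bypass when clock is reset", "1.6.0", "1.7.10p6"),
    ("CVE-2013-1775", "authentication bypass when clock is reset", "1.8.0", "1.8.6p6"),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+)|\.(\d+))?")


def parse_version(text: str) -> Optional[Version]:
    """Extract a sudo version from a bare string or a 'sudo -V' first line.

    Handles upstream 'X.Y.ZpN', vendor suffixes such as AIX's '1.6.7p5-3'
    (the '-3' is the RPM release and is ignored) and Debian's
    '1.8.5p2-1+nmu1'.  ASSUMPTION: a dotted fourth component, as in
    Solaris 11.1's '1.8.6.7', is the upstream patch level (1.8.6p7),
    because IPS version strings cannot carry the 'p' marker.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, micro, p_patch, dot_patch = m.groups()
    patch = p_patch if p_patch is not None else (dot_patch or "0")
    return (int(major), int(minor), int(micro), int(patch))


def affected_cves(version_text: str,
                  vendor_fixed: Iterable[str] = ()) -> List[Tuple[str, str]]:
    """Return (CVE, title) pairs whose upstream affected range contains the version.

    vendor_fixed lists CVEs the vendor's advisory says were backported
    without bumping the upstream version number; those are dropped.
    A match is a triage signal only: the upstream ranges know nothing
    about distribution patches, so confirm against the vendor advisory.
    """
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"no sudo version found in {version_text!r}")
    skip = set(vendor_fixed)
    hits: List[Tuple[str, str]] = []
    seen = set()
    for cve, title, first, last in AFFECTED_RANGES:
        if cve in skip or cve in seen:
            continue
        if parse_version(first) <= v <= parse_version(last):
            hits.append((cve, title))
            seen.add(cve)
    return hits


def triage(hosts: Dict[str, str],
           vendor_fixed: Optional[Dict[str, Iterable[str]]] = None) -> Dict[str, List[str]]:
    """Map host name -> list of matching CVE ids for a dict of host -> version string."""
    vendor_fixed = vendor_fixed or {}
    return {
        host: [cve for cve, _ in affected_cves(ver, vendor_fixed.get(host, ()))]
        for host, ver in hosts.items()
    }


if __name__ == "__main__":
    # Constructed sample inventory using the version strings quoted in the thread.
    inventory = {
        "wheezy-box": "1.8.5p2-1+nmu1",          # dpkg-style version
        "aix7-box": "sudo-1.6.7p5-3",              # IBM RPM name
        "solaris11-box": "sudo-1.8.6.7",           # IPS package version
        "self-built": "Sudo version 1.8.3p1",      # first line of 'sudo -V'
    }
    # ASSUMPTION for the demo: the Debian advisory for wheezy-box covers CVE-2013-1775.
    for host, cves in triage(inventory, {"wheezy-box": ["CVE-2013-1775"]}).items():
        print(f"{host:14s} {inventory[host]:24s} {', '.join(cves) or 'no upstream range matched'}")
```

Run on the sample inventory, the self-built 1.8.3p1 matches both alerts, AIX's 1.6.7p5 matches only CVE-2013-1775, Solaris's 1.8.6p7 matches neither, and the Wheezy host is clean only because its vendor fix is declared; remove that declaration and it matches CVE-2013-1775 by upstream version alone. Extend AFFECTED_RANGES from the sudo.ws alerts page as new ones are published.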



Re: Only in America! ? (was ... Re: sudo and UNIXes (was: audacity export wma format[1 more question]))

2013-11-02 Thread Chris Bannister
On Thu, Oct 31, 2013 at 09:35:16PM +, Curt wrote:
 On 2013-10-31, Chris Bannister cbannis...@slingshot.co.nz wrote:
 
  So you could shoot kids in halloween costumes for illegally being on
  your property?
 
 Only if they've been through your underwear (_very_
 puritanical country).

If it was Halloween, it would be difficult to tell if they had. :)

-- 
If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing. --- Malcolm X


Archive: http://lists.debian.org/20131102203352.GB12542@tal



Re: Only in America! ? (was ... Re: sudo and UNIXes (was: audacity export wma format[1 more question]))

2013-11-01 Thread Curt
On 2013-10-31, Thierry Chatelet tchate...@free.fr wrote:

 On Thursday 31 October 2013 15:33:25 Bob Proulx wrote:
 Note that I didn't say that I *would* shoot them dead.

 Maybe shoot them just injured ? /Smilet/
 Thierry


Right, he would've just blown their kneecaps out so they couldn't run
away while he hogtied them and rounded up a posse to catch the
ringleaders.

What was that line spoken by Walter Brennan (Old Man Clanton) in the movie My
Darling Clementine?

 Old Man Clanton (talking to his son?):

 When ya pull a gun shoot a man!


Archive: http://lists.debian.org/slrnl771b3.2jf.cu...@einstein.electron.org



Re: Only in America! ? (was ... Re: sudo and UNIXes (was: audacity export wma format[1 more question]))

2013-11-01 Thread Kent West
On Thu, Oct 31, 2013 at 4:33 PM, Bob Proulx b...@proulx.com wrote:

 What would any of us do if confronted by a burglar
 in the middle of the night while we were home and woken up from a
 sound sleep?  Certainly a terrifying situation.  Calm thinking does
 not happen at such times.



Agreed. Even the Bible recognizes the difference between night-time and
day-time responses to break-ins:

Exodus 22:1 “If a thief caught in the act of breaking in is beaten to
death, it is not murder; 2 unless it happens after sunrise, in which case
it is murder.” (Complete Jewish Bible,
http://www.biblegateway.com/passage/?search=ex%2022:2version=CJB)


-- 
Kent West)))
Westing Peacefully - http://kentwest.blogspot.com


Re: sudo and UNIXes

2013-11-01 Thread Joe Pfeiffer
Reco recovery...@gmail.com writes:

 On Mon, Oct 28, 2013 at 10:19:43AM -0600, Joe Pfeiffer wrote:
 Reco recovery...@gmail.com writes:
  You also have to add to the picture such a vulnerability, and I haven't
  noticed any.
 
  If we're speaking of public vulnerabilities:
 
  CVE-2010-0427.
 
 Does not permit users outside of those in the sudoers file (or with the
 root password) to escalate privileges.

 Lessens attack surface, but doesn't void the existence of the vulnerability.

 
  CVE-2013-1775 (allows bypassing sudoers modification to retain root
  privileges).
 
 Again -- isn't basically equivalent to giving everyone uid=0.  Permits
 someone who *has* sudo access to avoid retyping a password.

 Not only that. Permits someone who already has sudo access to continue
 having such access indefinitely, ignoring being excluded from sudoers
 altogether.

You made a specific claim, that sudo without patches is basically
equivalent to giving everyone uid=0.  You have yet to say anything that
even begins to substantiate that claim.


Archive: http://lists.debian.org/1b4n7vik0q@snowball.wb.pfeifferfamily.net



Only in America! ? (was ... Re: sudo and UNIXes (was: audacity export wma format[1 more question]))

2013-10-31 Thread Chris Bannister
On Mon, Oct 28, 2013 at 03:38:12PM -0600, Bob Proulx wrote:
 Case 1: I find that someone in my family who lives in my house has
 rummaged through my underwear drawer.  A violation of trust has
 occurred.  I am unhappy and will talk with them and give them a harsh
 lecture.  This is not appropriate behavior.
 
 Case 2: I find someone who is not a member of my family and who does
 not live in my house and who I don't know has rummaged through my
 underwear drawer.  A very serious crime has been committed.  I live in
 a state where I am fully legally protected if I shoot them dead.

:(

And yet you can't shoot the family member?  I think most murders are
actually committed by family members against other family members, if my
memory serves me correctly.

So you could shoot kids in Halloween costumes for illegally being on
your property?


-- 
If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing. --- Malcolm X


Archive: http://lists.debian.org/20131031182240.GC5993@tal



Re: Only in America! ? (was ... Re: sudo and UNIXes (was: audacity export wma format[1 more question]))

2013-10-31 Thread Neal Murphy
On Thursday, October 31, 2013 02:22:40 PM Chris Bannister wrote:
 On Mon, Oct 28, 2013 at 03:38:12PM -0600, Bob Proulx wrote:
  Case 1: I find that someone in my family who lives in my house has
  rummaged through my underwear drawer.  A violation of trust has
  occurred.  I am unhappy and will talk with them and give them a harsh
  lecture.  This is not appropriate behavior.
  
  Case 2: I find someone who is not a member of my family and who does
  not live in my house and who I don't know has rummaged through my
  underwear drawer.  A very serious crime has been committed.  I live in
  a state where I am fully legally protected if I shoot them dead.
 :
 :(
 
 And yet you can't shoot the family member?  I think most murders are
 actually committed by family members against other family members, if my
 memory serves me correctly.
 
 So you could shoot kids in Halloween costumes for illegally being on
 your property?


An uninvited stranger in someone's home rifling through the occupants' 
belongings should expect to have a short life expectancy.

There is a certain amount of responsibility involved before one exercises the 
power to use arms (with rights come responsibilities). But we begin to digress 
from this list's purpose.


Archive: http://lists.debian.org/201310311514.05426.neal.p.mur...@alum.wpi.edu



Re: Only in America! ? (was ... Re: sudo and UNIXes

2013-10-31 Thread John Hasler
Chris Bannister writes:
 So you could shoot kids in Halloween costumes for illegally being on
 your property?

If you catch them in your bedroom rifling through your underwear,
maybe.  There is no state in the union where the mere fact that someone
was trespassing is a valid murder defense.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA


Archive: http://lists.debian.org/8738nhf92q@thumper.dhh.gt.org



Re: Only in America! ? (was ... Re: sudo and UNIXes (was: audacity export wma format[1 more question]))

2013-10-31 Thread Bob Proulx
Neal Murphy wrote:
 Chris Bannister wrote:
  Bob Proulx wrote:
   Case 1: I find that someone in my family who lives in my house has
   rummaged through my underwear drawer.  A violation of trust has
   occurred.  I am unhappy and will talk with them and give them a harsh
   lecture.  This is not appropriate behavior.
   
   Case 2: I find someone who is not a member of my family and who does
   not live in my house and who I don't know has rummaged through my
   underwear drawer.  A very serious crime has been committed.  I live in
   a state where I am fully legally protected if I shoot them dead.

Obviously I was using that colorful story to illustrate the
differences between the same act committed by two different people
becomes a very different crime depending upon who is doing it.

Note that I didn't say that I *would* shoot them dead.  I said I was
fully legally protected if I did so.  Which is true of all who live in
my state regardless of their own personal politics.  All here live
under the same rule of law.  I meant that to illustrate the severity
of the crime in a colorful way.  Perhaps too colorful for the list.
Sorry about that.  What would any of us do if confronted by a burglar
in the middle of the night while we were home and woken up from a
sound sleep?  Certainly a terrifying situation.  Calm thinking does
not happen at such times.

The point having been made let's not commit this list to a political
discussion of the politics of it.  Please?

  So you could shoot kids in Halloween costumes for illegally being on
  your property?
 
 An uninvited stranger in someone's home rifling through the occupants' 
 belongings should expect to have a short life expectancy.
 
 There is a certain amount of responsibility involved before one exercises the
 power to use arms (with rights come responsibilities). But we begin to digress
 from this list's purpose.

With great power comes great responsibility.

Bob




Re: Only in America! ? (was ... Re: sudo and UNIXes (was: audacity export wma format[1 more question]))

2013-10-31 Thread Curt
On 2013-10-31, Chris Bannister cbannis...@slingshot.co.nz wrote:

 So you could shoot kids in Halloween costumes for illegally being on
 your property?

Only if they've been through your underwear (_very_
puritanical country).


Archive: http://lists.debian.org/slrnl75j9v.7mv.cu...@einstein.electron.org



Re: Only in America! ? (was ... Re: sudo and UNIXes

2013-10-31 Thread Doug
On 10/31/2013 05:02 PM, John Hasler wrote:
 Chris Bannister writes:
  So you could shoot kids in Halloween costumes for illegally being on
 your property?
 
 If you catch them in your bedroom rifling through your underwear,
 maybe.  There is no state in the union where the mere fact that someone
 was trespassing is a valid murder defense.
 
In many (most?) states, you are only justified in using deadly force if
you are threatened with bodily harm to yourself or your family.
If you catch someone going thru your underwear drawer, the most you
can do is either try to restrain or immobilize the culprit or call
the police, and the second would be necessary anyway if the first is
successful.

--doug

-- 
Blessed are the peacemakers..for they shall be shot at from both sides.
--A.M.Greeley


Archive: http://lists.debian.org/5272d638.7010...@optonline.net



Re: Only in America! ? (was ... Re: sudo and UNIXes

2013-10-31 Thread John Hasler
Doug writes:
 In many (most?) states, you are only justified in using deadly force
 if you are threatened with bodily harm to yourself or your family.

If you wake up in the middle of the night, see a stranger searching your
dresser, and shoot him, you will almost certainly succeed in convincing
a court that you were in justifiable fear for your life even if he turns
out to be unarmed.  In many states that suffices.

On the other hand, if you shoot a couple of teenagers just because they
stepped off the sidewalk and onto your lawn you will be convicted of
murder anywhere in the USA.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA


Archive: http://lists.debian.org/87y559dqan@thumper.dhh.gt.org



Re: Only in America! ? (was ... Re: sudo and UNIXes (was: audacity export wma format[1 more question]))

2013-10-31 Thread Thierry Chatelet
On Thursday 31 October 2013 15:33:25 Bob Proulx wrote:
 Note that I didn't say that I *would* shoot them dead.

Maybe shoot them just injured ? /Smilet/
Thierry


Archive: http://lists.debian.org/5014901.NVTbXgDfSN@new-one



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-29 Thread Reco
On Mon, Oct 28, 2013 at 03:38:12PM -0600, Bob Proulx wrote:
 Reco wrote:
  And what about the end result ('user will get root privs')?
 
 They are different users.  A remote user could be anyone.  A local
 user is someone who is already known and has an account on the system
 and who has an established relationship and trust.

Now I got it, thanks. Such a meaning of 'local' and 'remote' applied to
users didn't come to my mind.

Reco


Archive: http://lists.debian.org/20131029060442.GA13545@x101h



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-29 Thread Tom H
On Tue, Oct 29, 2013 at 1:17 AM, Bob Proulx b...@proulx.com wrote:
 Tom H wrote:

 The standard task installs both nfs-common and rpcbind.

 Aha!  Apparently the ability to nfs mount in /etc/fstab is the root
 cause of the dependency chain that requires nfs-common and therefore
 portmapper.  At a guess.

Good guess!

I don't install the standard task and then add the bits that it
provides and that I want piecemeal.


Archive: http://lists.debian.org/CAOdo=syez7eetlyordkjvb9jg5_heikcjq0tjevo-whryqu...@mail.gmail.com



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-28 Thread Tom H
On Sun, Oct 27, 2013 at 3:31 AM, Reco recovery...@gmail.com wrote:
 On Sat, 26 Oct 2013 21:50:23 +
 Tom H tomh0...@gmail.com wrote:
 On Fri, Oct 25, 2013 at 9:16 PM, Reco recovery...@gmail.com wrote:

 Yes, but pfexec is not sudo. And privilege-aware Solaris shells are
 definitely not sudo either.

 It might not be sudo but it's the same principle of privilege escalation.

 sudo's simpler to set up so I've yet to work at any Solaris shop where
 it hasn't been installed (it's not necessarily used though; I
 moonlight at two companies where telnetting as root is the norm...).

 I agree that sudo is simpler to set up. I disagree that sudo is
 installed everywhere where Solaris is.
 Because - it's third-party software. And people don't like to install
 third-party software ('vendor didn't include it - we don't use it').

Your experience may be different but you can't disagree with what's
been my experience over many years in many different companies!


Archive: http://lists.debian.org/CAOdo=syyg5txsz83qfx-pjqrejrct2dxohkmnkby1gwdyjz...@mail.gmail.com



Re: sudo and UNIXes

2013-10-28 Thread Reco
On Sun, Oct 27, 2013 at 09:28:51PM -0600, Joe Pfeiffer wrote:
 Reco recovery...@gmail.com writes:
  True, you need to add to the picture that curious user who just read on
  Bugtraq or Full Disclosure about fresh vulnerability in sudo. Or that
  disgruntled user who needs /etc/system changed right here and now. Or
  that developer who needs to do this 'small change, nobody will notice'
  on a production server.
  And if you don't have such people there - good for you, as here we can
  always find such a person.
 
 You also have to add to the picture such a vulnerability, and I haven't
 noticed any.

If we're speaking of public vulnerabilities:

CVE-2010-0427.
CVE-2013-1775 (allows bypassing sudoers modification to retain root
privileges).

I have no knowledge about private 0days.

Reco


Archive: http://lists.debian.org/20131028134702.GA23316@x101h



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-28 Thread Reco
On Mon, Oct 28, 2013 at 09:37:02AM -0400, Tom H wrote:
 On Sun, Oct 27, 2013 at 3:31 AM, Reco recovery...@gmail.com wrote:
  On Sat, 26 Oct 2013 21:50:23 +
  Tom H tomh0...@gmail.com wrote:
  On Fri, Oct 25, 2013 at 9:16 PM, Reco recovery...@gmail.com wrote:
 
  Yes, but pfexec is not sudo. And privilege-aware Solaris shells are
  definitely not sudo either.
 
  It might not be sudo but it's the same principle of privilege escalation.
 
  sudo's simpler to set up so I've yet to work at any Solaris shop where
  it hasn't been installed (it's not necessarily used though; I
  moonlight at two companies where telnetting as root is the norm...).
 
  I agree that sudo is simpler to set up. I disagree that sudo is
  installed everywhere where Solaris is.
  Because - it's third-party software. And people don't like to install
  third-party software ('vendor didn't include it - we don't use it').
 
 Your experience may be different but you can't disagree with what's
 been my experience over many years in many different companies!

Of course I agree with you. You've seen what you have seen, I have no
doubts about that. Of course there are people who use sudo on Solaris,
but - there are people who are not, and who won't do it. Third-party
status is one of the reasons for it.

Reco.


Archive: http://lists.debian.org/20131028135129.GB23316@x101h



Re: sudo and UNIXes

2013-10-28 Thread Lars Noodén
On 10/28/2013 03:47 PM, Reco wrote:
 On Sun, Oct 27, 2013 at 09:28:51PM -0600, Joe Pfeiffer wrote:
[snip]
 You also have to add to the picture such a vulnerability, and I haven't
 noticed any.
 
 If we're speaking of public vulnerabilities:
 
 CVE-2010-0427.
  CVE-2013-1775 (allows bypassing sudoers modification to retain root
  privileges).

CVE-2010-0427 may be the better example of the two, though it relies on
a special configuration.

CVE-2013-1775 is a rather contrived case and needs physical access.  The
general perception is that the game is over anyway when there is
physical access.

/Lars


Archive: http://lists.debian.org/526e6d10.5070...@gmail.com



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-28 Thread Reco
On Sun, Oct 27, 2013 at 08:15:43PM -0600, Bob Proulx wrote:
 Reco wrote:
  Oh. You mean that HP suddenly transformed to good fairies and stopped
  charging extra for aCC? Or IBM received an encrypted signal from their
  supervisors from Mars and did the same to vacc? And don't even mention
  Sun, those guys managed to build their base system with two different C
  compilers at once (gcc and that thing they put in Sun Studio instead
  of C compiler).
 
 Wait.  You mean the first thing you compile on a new system isn't gcc?
 Sometimes it would be 'make' first.  Then gcc, binutils, and the rest
 of the support chain.  Then make again using gcc.  Then a hundred
 others!

Yep. On Solaris I use vendor packages with gcc, gmake and GNU toolchain.
On AIX I use Linux Compatibility toolkit, and it provides me GNU
toolchain too.
Luckily I don't have to compile anything for HP-UX. Heard someone built
gcc for it, didn't need it so far.

I once bootstrapped the GNU toolchain on Solaris (it was x86 so it was
relatively fast), and I have no desire to repeat this process on, say,
T2000.

 
  As for 'solid base'... C'mon, treating openssh as a third-party tool? No
  meaningful firewall in default install? Telnet and FTP (root is allowed
  by default) enabled by default and listening on 0.0.0.0? Mandatory
  access control as a paid feature? Clearly our definitions of 'solid
  base' are different.
 
 By solid base I mean the Unix kernel.  Have you ever needed to rescue
 a system suffering under a fork-bomb?

Well, there was that incident with Solaris projects and limiting LWPs
with them, and I thought it was a good idea to test it with a Perl fork
bomb. That particular project was configured the wrong way :(
Bugger ate all memory just as fine as it did on Linux. Forking any
process wasn't possible as a result. So, server was bounced.


 Under the Linux kernel with
 defaults you will need to power cycle it.  Even if you were already
 logged into it at best you would rather quickly get Connection closed
 by foreign host.  But I have been able to log into HP-UX systems
 while under such stress and was able to kill the offending processes.
 That is what I meant by a solid base.  It has a solid kernel.  That is
 the base of the operating system.

I didn't test fork bombs on HP-UX (that's something I'll probably do in
the future). If they use optimistic memory allocation, it'll be an
interesting experience.


 The other things you mention I
 place in another layer above it.  Most are policy decisions about
 telnet, ftp, and others wide open you can affect and change when it is
 your system to maintain.  There isn't any reason not to turn off
 telnet and ftp entirely for example.

That's a legitimate point of view. But I prefer the systems in which I
don't have to turn off anything unneeded (ideally, I don't have to install
anything I don't need).


 But I agree about the security aspect.  When I have needed to put one
 of those legacy systems on the net I usually protected it by putting
 it behind a separate firewall box.  Because of some of the problems
 you mention.  Using a separate proxy box for just the task needed made
 the security easier.  But that doesn't make the machine less reliable
 for running large loads with an uptime of years.

There's nothing you wrote here I'd disagree with.


 And one must be careful of throwing stones.  For example Debian does
 not provide a firewall by default.  And it is debatable if it needs
 one.  Many people don't configure one.  Many people do.  It all
 depends upon many things about the use case.  I don't put one on
 internal machines.  But I do put one on front facing machines.

That's Debian's fault indeed. But at least they don't include any network
services worth speaking of (should we count NFS portmapper, or not?) in
an installation produced by netboot.


   You left the large unless local sysadmins care about security escape
   clause there.  But what about if the local admin *does* care about
   security?  In that case you can have a system with _better_ security
   than that provided by the vendor.
  
  If local sysadmin cares about security then that site is truly blessed.
  No irony. See, I earn my salary for solving problems with certain
  proprietary cross-platform software. As a part of job, I visit many
  different places, and what do I see there?
 
 No need to try to convince me.  I have seen many horrors.  But I don't
 think this problem is specific to the legacy Unix vendors.

Of course not, that's something I've admitted in the same mail. UNIXes
just make managing useful third-party software harder, that's all.

  Not that UNIXes are that bad. It happens for any OS, GNU/Linux included.
 
 And that is exactly my point.  The biggest place I see problems today
 are companies that have full paid support for RHEL.  But they are
 running very old and outdated software.  I ask them why they are
 running RHEL and the answer is invariably because that was a
 commercially supported 

Re: sudo and UNIXes

2013-10-28 Thread Reco
On Mon, Oct 28, 2013 at 03:56:32PM +0200, Lars Noodén wrote:
 On 10/28/2013 03:47 PM, Reco wrote:
  On Sun, Oct 27, 2013 at 09:28:51PM -0600, Joe Pfeiffer wrote:
 [snip]
  You also have to add to the picture such a vulnerability, and I haven't
  noticed any.
  
  If we're speaking of public vulnerabilities:
  
  CVE-2010-0427.
  CVE-2013-1775 (allows bypassing sudoers modification to retain root
  privileges).
 
 CVE-2010-0427 may be the better example of the two, though it relies on
 a special configuration.
 
 CVE-2013-1775 is a rather contrived case and needs physical access.  The
 general perception is that the game is over anyway when there is
 physical access.

Still, they are (hopefully fully fixed) vulnerabilities, and they allow
escalation to root, don't they?

Reco


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131028143416.GD23316@x101h



Re: sudo and UNIXes

2013-10-28 Thread Joe Pfeiffer
Reco recovery...@gmail.com writes:

 On Sun, Oct 27, 2013 at 09:28:51PM -0600, Joe Pfeiffer wrote:
 Reco recovery...@gmail.com writes:
  True, you need to add to the picture that curious user who just read on
  Bugtraq or Full Disclosure about fresh vulnerability in sudo. Or that
  disgruntled user who needs /etc/system changed right here and now. Or
  that developer who needs to do this 'small change, nobody will notice'
  on a production server.
  And if you don't have such people there - good for you, as here we can
  always find such a person.
 
 You also have to add to the picture such a vulnerability, and I haven't
 noticed any.

 If we're speaking of public vulnerabilities:

 CVE-2010-0427.

Does not permit users outside of those in the sudoers file (or with the
root password) to escalate privileges.

 CVE-2013-1775 (allows bypassing sudoers modification to retain root
 privileges).

Again -- isn't basically equivalent to giving everyone uid=0.  Permits
someone who *has* sudo access to avoid retyping a password.

 I have no knowledge about private 0days.

 Reco


Archive: http://lists.debian.org/1bvc0hcqqo@snowball.wb.pfeifferfamily.net



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-28 Thread Tom H
On Mon, Oct 28, 2013 at 1:51 PM, Reco recovery...@gmail.com wrote:
 On Mon, Oct 28, 2013 at 09:37:02AM -0400, Tom H wrote:
 On Sun, Oct 27, 2013 at 3:31 AM, Reco recovery...@gmail.com wrote:
 On Sat, 26 Oct 2013 21:50:23 +
 Tom H tomh0...@gmail.com wrote:
 On Fri, Oct 25, 2013 at 9:16 PM, Reco recovery...@gmail.com wrote:

 Yes, but pfexec is not sudo. And privilege-aware Solaris shells are
 definitely not sudo too.

 It might not be sudo but it's the same principle of privilege escalation.

 sudo's simpler to set up so I've yet to work at any Solaris shop where
 it hasn't been installed (it's not necessarily used though; I
 moonlight at two companies where telnetting as root is the norm...).

 I agree that sudo is simpler to set up. I disagree that sudo is
 installed everywhere where Solaris is.
 Because - it's third-party software. And people don't like to install
 third-party software ('vendor didn't include it - we don't use it').

 Your experience may be different but you can't disagree with what's
 been my experience over many years in many different companies!

 Of course I agree with you. You've seen what you have seen, I have no
 doubts about that. Of course there are people who use sudo on Solaris,
 but - there are people who are not, and who won't do it. Third-party
 status is one of the reasons for it.

It's a question of cost/benefit. The IT department asks itself: Does
the cost of installing and maintaining sudo outweigh the benefit of
integrating it into the admin workflow?

Invariably the answer's been yes everywhere that I've worked, in
spite of the third-party nature of sudo (and the same goes with lsof
BTW, although far less often), to the _official_ dismay of visiting
Sun/Oracle reps and admins.

Using sudo also aligns switch to root for sysadmins and switch to
their special users for developers on Solaris and Linux in terms of
use, logging, and auditing.


Archive: 
http://lists.debian.org/CAOdo=szac-chpcz7n-kwyemymhtfzdfiqrdub2fxhq81zs1...@mail.gmail.com



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-28 Thread Bob Proulx
Reco wrote:
 Bob Proulx wrote:
  And one must be careful of throwing stones.  For example Debian does
  not provide a firewall by default.  And it is debatable if it needs
  one.  Many people don't configure one.  Many people do.  It all
  depends upon many things about the use case.  I don't put one on
  internal machines.  But I do put one on front facing machines.
 
 That's Debian's fault indeed. But at least they don't include any network
 services worth speaking of (should we count NFS portmapper, or not?) in
 an installation produced by netboot.

Is 'rpcbind' installed by default?  I will need to look.  I wonder why
it would be there?

  That is an exaggeration.  For one it would need to be a local exploit
  for sudo to come in play.
 
 Ok, let's say … CVE-2010-0427. Somewhat old, but possible.

CVE-2010-0427 is a local only exploit.  (Failure to reset group
permissions properly.)  So it would need to be a locally known user in
order to exploit it.  Not the same as having written the password on a
T-shirt and wearing it around.

  Therefore it would require a local user to
  attack it.  A local access attack.
 
 SSH or telnet which is given such user for any legitimate purpose
 will do just fine.

Yes.  But as described on these old Unix systems they are almost
certainly part of the company, part of the family.  There are
different levels of security needed to get jobs done.  Not every
system needs to have ultimate security applied to it.  And again it
isn't the same as putting it on a T-shirt and wearing it around.

  The password on a t-shirt would simply require someone who
  could walk by the admin and see it to gain remote access.
 
 Hmm. Usually they keep developers, end users and sysadmins separated
 here. So it's basically the same access complexity.

Goodness forbid that developers would ever talk with users or
sysadmins!  :-(

 And sudo isn't that important. There's always Swiss-cheese
 web-interfaces today :)

People are writing new bugs every day!  Those that do not study
history are doomed to repeat it.

Bob




Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-28 Thread Reco
On Mon, Oct 28, 2013 at 11:45:03AM -0600, Bob Proulx wrote:
 Reco wrote:
  Bob Proulx wrote:
   And one must be careful of throwing stones.  For example Debian does
   not provide a firewall by default.  And it is debatable if it needs
   one.  Many people don't configure one.  Many people do.  It all
   depends upon many things about the use case.  I don't put one on
   internal machines.  But I do put one on front facing machines.
  
  That's Debian's fault indeed. But at least they don't include any network
  services worth speaking of (should we count NFS portmapper, or not?) in
  an installation produced by netboot.
 
 Is 'rpcbind' installed by default?  I will need to look.  I wonder why
 it would be there?

Part of an NFS client, I guess. Package is not marked as an essential one,
though. Running a diskless client over NFS would be a curious trick
without NFS support enabled.


   That is an exaggeration.  For one it would need to be a local exploit
   for sudo to come in play.
  
  Ok, let's say … CVE-2010-0427. Somewhat old, but possible.
 
 CVE-2010-0427 is a local only exploit.  (Failure to reset group
 permissions properly.)  So it would need to be a locally known user in
 order to exploit it.  Not the same as having written the password on a
 T-shirt and wearing it around.

I fail to see how one could be given SSH access to the host, be able
to use sudo (and do so successfully), and still not be a local user.
I must be missing something here, can you please enlighten me?


  SSH or telnet which is given such user for any legitimate purpose
  will do just fine.
 
 Yes.  But as described on these old Unix systems they are almost
 certainly part of the company, part of the family.  There are
 different levels of security needed to get jobs done.  Not every
 system needs to have ultimate security applied to it.  And again it
 isn't the same as putting it on a T-shirt and wearing it around.

Servers are usually differentiated by their lifecycle status indeed.
Purpose of testing and development servers that don't even try to mimic
production environment always eluded me.


   The password on a t-shirt would simply require someone who
   could walk by the admin and see it to gain remote access.
  
  Hmm. Usually they keep developers, end users and sysadmins separated
  here. So it's basically the same access complexity.
 
 Goodness forbid that developers would ever talk with users or
 sysadmins!  :-(

Not funny. That's exactly what goes on here usually. About the only
people who can (and will) speak to everybody are helpdesk and HRs.
Old 'divide and rule' principle applied at a shop level.

Reco


Archive: http://lists.debian.org/20131028180553.GA29376@x101h



Re: sudo and UNIXes

2013-10-28 Thread Reco
On Mon, Oct 28, 2013 at 10:19:43AM -0600, Joe Pfeiffer wrote:
 Reco recovery...@gmail.com writes:
  You also have to add to the picture such a vulnerability, and I haven't
  noticed any.
 
  If we're speaking of public vulnerabilities:
 
  CVE-2010-0427.
 
 Does not permit users outside of those in the sudoers file (or with the
 root password) to escalate privileges.

Lessens attack surface, but doesn't void the existence of vulnerability.

 
  CVE-2013-1775 (allows bypassing sudoers modification to retain root
  privileges).
 
 Again -- isn't basically equivalent to giving everyone uid=0.  Permits
 someone who *has* sudo access to avoid retyping a password.

Not only that. Permits someone who already has sudo access to continue
having such access indefinitely, ignoring being excluded from sudoers
altogether.

Reco


Archive: http://lists.debian.org/20131028181130.GB29376@x101h



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-28 Thread Bob Proulx
Reco wrote:
 Bob Proulx wrote:
  Is 'rpcbind' installed by default?  I will need to look.  I wonder why
  it would be there?
 
 Part of an NFS client, I guess. Package is not marked as an essential one,
 though. Running a diskless client over NFS would be a curious trick
 without NFS support enabled.

NFS client is not enabled by default.  So that wouldn't be it.

I just tried a minimum installation of Debian Wheezy in a VM and
rpcbind was not installed.  Are you sure it is installed by default?

  CVE-2010-0427 is a local only exploit.  (Failure to reset group
  permissions properly.)  So it would need to be a locally known user in
  order to exploit it.  Not the same as having written the password on a
  T-shirt and wearing it around.
 
 I fail to see how one could be given an SSH access to the host, be able
 to use sudo (and do so successfully), and still not be a local user.
 I must miss something here, can you please enlighten me?

You said using outdated sudo is an equivalent to wearing T-shirt with
a root password written on it as an end result will be the same.  I
was refuting that statement.  It isn't even close to being the same.
Using sudo would require a local user exploit.  You seem to agree that
it would require a local user to exploit it.  Having the root password
publicly known does not require a local user.  They are not the same
class of issue at all.  Not even close.

Bob




Re: sudo and UNIXes

2013-10-28 Thread John Hasler
Bob Proulx writes:
 I just tried a minimum installation of Debian Wheezy in a VM and
 rpcbind was not installed.  Are you sure it is installed by default?

Rpcbind is priority standard.  It is neither essential nor
required.  Thus whether it is installed by default or not depends on
how you define a minimum installation.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA


Archive: http://lists.debian.org/874n81gnpl@thumper.dhh.gt.org



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-28 Thread Reco
On Mon, Oct 28, 2013 at 01:14:33PM -0600, Bob Proulx wrote:
 Reco wrote:
  Bob Proulx wrote:
   Is 'rpcbind' installed by default?  I will need to look.  I wonder why
   it would be there?
  
  Part of an NFS client, I guess. Package is not marked as an essential one,
  though. Running a diskless client over NFS would be a curious trick
  without NFS support enabled.
 
 NFS client is not enabled by default.  So that wouldn't be it.
 
 I just tried a minimum installation of Debian Wheezy in a VM and
 rpcbind was not installed.  Are you sure it is installed by default?

No, I'm unsure. Maybe it was a minimum install + recommended server install
(whatever it is called now actually). Did the minimum install have any
network services activated?


   CVE-2010-0427 is a local only exploit.  (Failure to reset group
   permissions properly.)  So it would need to be a locally known user in
   order to exploit it.  Not the same as having written the password on a
   T-shirt and wearing it around.
  
  I fail to see how one could be given an SSH access to the host, be able
  to use sudo (and do so successfully), and still not be a local user.
  I must miss something here, can you please enlighten me?
 
 You said using outdated sudo is an equivalent to wearing T-shirt with
 a root password written on it as an end result will be the same.  I
 was refuting that statement.  It isn't even close to being the same.
 Using sudo would require a local user exploit.  You seem to agree that
 it would require a local user to exploit it.  Having the root password
 publicly known does not require a local user.  They are not the same
 class of issue at all.  Not even close.

Point taken. And what about the end result ('user will get root privs')?

Reco


Archive: http://lists.debian.org/20131028201600.GA8940@x101h



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-28 Thread Bob Proulx
Reco wrote:
 And what about the end result ('user will get root privs')?

They are different users.  A remote user could be anyone.  A local
user is someone who is already known and has an account on the system
and who has an established relationship and trust.

Case 1: I find that someone in my family who lives in my house has
rummaged through my underwear drawer.  A violation of trust has
occurred.  I am unhappy and will talk with them and give them a harsh
lecture.  This is not appropriate behavior.

Case 2: I find someone who is not a member of my family and who does
not live in my house and who I don't know has rummaged through my
underwear drawer.  A very serious crime has been committed.  I live in
a state where I am fully legally protected if I shoot them dead.

The crime is the same in both cases.  The only difference is who has
done it.  Your argument is that they are the same.  My argument is
that they are different.

This discussion has become circular.  We are at irreconcilable
differences.  Therefore I will close my part of it with this thought:

Security is the one part of the system that by design makes the system
harder to use.  Hopefully infinitely hard to the bad guys.  Hopefully
less so for the good guys.  But of course no system is perfect and the
only 100% safe system is one that is off.  Anything else is a compromise.

Bob




Re: sudo and UNIXes

2013-10-28 Thread Bob Proulx
John Hasler wrote:
 Bob Proulx writes:
  I just tried a minimum installation of Debian Wheezy in a VM and
  rpcbind was not installed.  Are you sure it is installed by default?
 
 Rpcbind is priority standard.  It is neither essential nor
 required.  Thus whether it is installed by default or not depends on
 how you define a minimum installation.

Ah!  That explains it.  I had nothing in tasksel checked.  But if I do
check Standard system then rpcbind is installed.  That explains it.

I usually don't install the Standard system because that installs
Exim (a fine tool) but I always install Postfix which must then push
it out.  Therefore I never select standard system and always install
Postfix and other things later.  That is how I missed it.  But I would
consider the Standard system utilities selection to be a normal
small Debian install.

I don't think rpcbind should be priority standard these days.  I
wonder if it would be possible to convince people that it should be
demoted to installed only as a dependency instead.  Or if it is needed
to learn why it is still needed.

Thanks!
Bob




Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-28 Thread Tom H
On Mon, Oct 28, 2013 at 7:14 PM, Bob Proulx b...@proulx.com wrote:
 Reco wrote:
 Bob Proulx wrote:

 Is 'rpcbind' installed by default?  I will need to look.  I wonder why
 it would be there?

 Part of an NFS client, I guess. Package is not marked as an essential one,
 though. Running a diskless client over NFS would be a curious trick
 without NFS support enabled.

 NFS client is not enabled by default.  So that wouldn't be it.

 I just tried a minimum installation of Debian Wheezy in a VM and
 rpcbind was not installed.  Are you sure it is installed by default?

The standard task installs both nfs-common and rpcbind.


Archive: 
http://lists.debian.org/CAOdo=sz+jfdtfuh8vsbmvsf2cplelk1_212j99c+wkpeb+k...@mail.gmail.com
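A check to go with the rpcbind point above, added here as an example and not code posted by anyone in the thread: it parses `ss -lntu` style output, lists every listening socket that is bound to something other than a loopback address, and flags the Sun RPC portmapper (port 111) among them, which is the first thing to look at when the standard task has pulled in rpcbind on a box with no firewall. The ss output embedded below is constructed to look like such a host; it is not a capture from any real machine, and the column layout assumed is the one ss(8) prints for `-lntu` (Netid, State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port).

```shell
#!/bin/sh
# Added example, not code from the thread. Parses `ss -lntu` style output and
# reports listening sockets bound to something other than a loopback address,
# then flags the Sun RPC portmapper (port 111) among them. The ss output below
# is constructed to look like a Debian host with rpcbind installed; it is not
# a capture from any real machine.

# Print "netid address port" for every socket in the given ss(8) output whose
# local address is not loopback (127.x or ::1). The header line is skipped.
nonloopback_listeners() {
    printf '%s\n' "$1" | awk 'NR > 1 {
        la = $5
        n = split(la, parts, ":")
        port = parts[n]
        # everything before the last ":" is the address (handles "[::]:111")
        addr = substr(la, 1, length(la) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
        print $1, addr, port
    }'
}

# Exit 0 when the portmapper is reachable on a non-loopback address, else 1.
portmapper_exposed() {
    nonloopback_listeners "$1" | awk '$3 == 111 { found = 1 } END { exit !found }'
}

# Constructed sample in the layout of `ss -lntu` (Netid State Recv-Q Send-Q
# Local Address:Port Peer Address:Port). Not a real capture.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:25       0.0.0.0:*
tcp   LISTEN 0      128    [::]:111           [::]:*
tcp   LISTEN 0      128    *:22               *:*'

echo "Non-loopback listeners:"
nonloopback_listeners "$SAMPLE_SS"
if portmapper_exposed "$SAMPLE_SS"; then
    echo "rpcbind (port 111) is exposed: firewall it, or remove the package if NFS is not needed"
else
    echo "portmapper not exposed"
fi
```

On a live host run `nonloopback_listeners "$(ss -lntu)"` and `portmapper_exposed "$(ss -lntu)"` instead of the sample. The function does not filter on the State column because `-l` already restricts ss to listening sockets; UDP entries simply show as UNCONN. Seeing port 111 on 0.0.0.0 or [::] is exactly the case Bob's "I don't put a firewall on internal machines" policy leaves open, so it is worth deciding per host whether that is acceptable.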



Re: sudo and UNIXes

2013-10-28 Thread John Hasler
Bob Proulx writes:
 I don't think rpcbind should be priority standard these days.  I
 wonder if it would be possible to convince people that it should be
 demoted to installed only as a dependency instead.  Or if it is needed
 to learn why it is still needed.

Standard consists of packages that you would be surprised not to find
on a UNIX system.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA


Archive: http://lists.debian.org/87zjptezem@thumper.dhh.gt.org



portmapper / rpcbind installed by default (was: sudo and UNIXes)

2013-10-28 Thread Bob Proulx
John Hasler wrote:
 Bob Proulx writes:
  I don't think rpcbind should be priority standard these days.  I
  wonder if it would be possible to convince people that it should be
  demoted to installed only as a dependency instead.  Or if it is needed
  to learn why it is still needed.
 
 Standard consists of packages that you would be surprised not to find
 on a UNIX system.

Hmm...  That is another statement that sounds like it says something
but in reality doesn't define anything.  There are many things I would
be surprised not to find on a Unix system that aren't installed by
default.  I would be surprised not to find a C compiler and 'make'.  I
would be surprised not to find 'less'.  Also 'at', 'ed', 'mailx',
'ssh', and 'rsync'.  And I would be surprised if my list were even
close to the same list as other people.  And there is the problem with
that statement.  :-)

But the portmapper is very closely associated with Sun RPC.  If I have
not installed anything in that family then I would not expect to find
the portmapper installed.  But it certainly is a valid dependency.  I
think it would be more appropriate to have it pulled in upon needing
it as a dependency of other packages.  It is already a dependency of
nfs-common.  I would simply stop there.

Bob




Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-28 Thread Bob Proulx
Tom H wrote:
 The standard task installs both nfs-common and rpcbind.

Aha!  Apparently the ability to nfs mount in /etc/fstab is the root
cause of the dependency chain that requires nfs-common and therefore
portmapper.  At a guess.

Bob




Re: portmapper / rpcbind installed by default (was: sudo and UNIXes)

2013-10-28 Thread Bob Proulx
Bob Proulx wrote:
 John Hasler wrote:
  Standard consists of packages that you would be surprised not to find
  on a UNIX system.
 
 But the portmapper is very closely associated with Sun RPC.  If I have
 not installed anything in that family then I would not expect to find
 the portmapper installed.  But it certainly is a valid dependency.  I
 think it would be more appropriate to have it pulled in upon needing
 it as a dependency of other packages.  It is already a dependency of
 nfs-common.  I would simply stop there.

Aha!  I had forgotten about /etc/fstab.  That is the first link in the
chain of dependencies.

  man fstab

In order to support nfs mounts in /etc/fstab it needs nfs-common and
portmapper installed.  And therefore I _had_ actually installed
something, /etc/fstab, that would pull in the Sun RPC family by
default.  Hmm...

Bob




Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-27 Thread Reco
 Hi.

On Sat, 26 Oct 2013 21:50:23 +
Tom H tomh0...@gmail.com wrote:

 On Fri, Oct 25, 2013 at 9:16 PM, Reco recovery...@gmail.com wrote:
 
 
  Yes, but pfexec is not sudo. And privilege-aware Solaris shells are
  definitely not sudo too.
 
 It might not be sudo but it's the same principle of privilege escalation.
 
 sudo's simpler to set up so I've yet to work at any Solaris shop where
 it hasn't been installed (it's not necessarily used though; I
 moonlight at two companies where telnetting as root is the norm...).

I agree that sudo is simpler to setup. I disagree that sudo is
installed everywhere where Solaris is.
Because - it's third-party software. And people don't like to install
third-party software ('vendor didn't include it - we don't use it').
As for telnet as root - the very setup of Solaris (before 10u4 iirc),
pushed one to do exactly this (ssh required manual generation of host
keys, telnet was already there and worked, root is the only working
user after install).


  Considering that primary usage of sudo is to provide controlled
  privilege escalation to uid=0, using unsupported (therefore - not
  updated unless local sysadmins care about security) sudo on these OSes
  is basically equivalent to giving everyone uid=0.
 
  Somewhat exaggerated :)
 
  No offense meant, but probably you're living in some kind of IT
  paradise ;) 'Nobody does no evil, nobody does any mistakes' kind of
  paradise.
 
 Not updating/patching sudo isn't equivalent to giving everyone root
 access! It's a BIG leap!

True, you need to add to the picture that curious user who just read on
Bugtraq or Full Disclosure about fresh vulnerability in sudo. Or that
disgruntled user who needs /etc/system changed right here and now. Or
that developer who needs to do this 'small change, nobody will notice'
on a production server.
And if you don't have such people there - good for you, as here we can
always find such a person.

Reco


Archive: 
http://lists.debian.org/20131027113150.5d165f99e540507a98921...@gmail.com
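The dispute above is about whether an unsupported, unpatched sudo is a real exposure. The first thing a practitioner does about that is check what version is actually installed against the fixed version named in the vendor advisory for the CVE in question. The following script is added here as an example and is not code posted by anyone in the thread: it parses the first line of `sudo -V`, normalises sudo's `X.Y.ZpN` version scheme into comparable numbers, and reports whether the host is older than a fixed version supplied by the administrator. Every version string and the captured `sudo -V` output embedded in it are constructed stand-ins; the FIXED_VERSION value is a placeholder, not a statement of which release fixed any particular CVE.

```shell
#!/bin/sh
# Added example, not code from the thread. Compares the sudo version a host
# reports against a fixed version the administrator copies from the vendor's
# advisory for the CVE of interest. All version strings and the captured
# `sudo -V` output below are constructed stand-ins, not real advisory data.

# Turn "1.8.6p7" into the four numeric fields "1 8 6 7". A version with no
# "pN" patch level gets patch level 0; a missing third field also counts as 0.
sudo_version_fields() {
    case $1 in
        *p*) base=${1%p*}; patch=${1##*p} ;;
        *)   base=$1;      patch=0 ;;
    esac
    echo "$base" | tr '.' ' ' | {
        read -r major minor micro _rest
        echo "${major:-0} ${minor:-0} ${micro:-0} $patch"
    }
}

# Collapse the four fields into one integer so two versions compare with -lt.
# Assumes each field is below 100 (an assumption of this example).
sudo_version_key() {
    set -- $(sudo_version_fields "$1")
    echo $(( $1 * 1000000 + $2 * 10000 + $3 * 100 + $4 ))
}

# True (exit 0) when the first version is strictly older than the second.
sudo_older_than() {
    [ "$(sudo_version_key "$1")" -lt "$(sudo_version_key "$2")" ]
}

# Pull the version out of the first line of `sudo -V`, e.g. "Sudo version 1.8.3p1".
sudo_version_from_output() {
    printf '%s\n' "$1" |
        sed -n 's/^Sudo version \([0-9][0-9.]*p\{0,1\}[0-9]*\).*/\1/p' |
        head -n 1
}

# Classify captured `sudo -V` output against a fixed version. Always exits 0
# and prints one of "unknown", "OUTDATED (installed < fixed)" or "patched (...)".
sudo_patch_status() {
    installed=$(sudo_version_from_output "$1")
    if [ -z "$installed" ]; then
        echo "unknown"
    elif sudo_older_than "$installed" "$2"; then
        echo "OUTDATED ($installed < $2)"
    else
        echo "patched ($installed >= $2)"
    fi
}

# Constructed sample data: two captured `sudo -V` outputs and a placeholder
# fixed version. Replace FIXED_VERSION with the value from the real advisory.
SAMPLE_OLD='Sudo version 1.8.3p1
Sudoers policy plugin version 1.8.3p1'
SAMPLE_NEW='Sudo version 1.8.6p7'
FIXED_VERSION='1.8.6p7'

sudo_patch_status "$SAMPLE_OLD" "$FIXED_VERSION"
sudo_patch_status "$SAMPLE_NEW" "$FIXED_VERSION"
```

On a real host call `sudo_patch_status "$(sudo -V 2>/dev/null)" <fixed-version>`; `sudo -V` prints the version line for any user. One caveat for the distribution-packaged sudo this thread is partly about: Debian and the commercial Unix vendors backport security fixes without bumping the upstream version number, so an "OUTDATED" verdict against an upstream fixed version is only a prompt to check the package changelog or the distribution's security tracker, not proof the hole is open. A locally compiled sudo on HP-UX, AIX or Solaris, which is the case Reco describes, has no such backports, and there the upstream comparison is the right one.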



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-27 Thread Bob Proulx
Reco wrote:
 Bob Proulx wrote:
  Most of those systems ship very little by their vendors.  I have used
  them for many years and almost all of the software that you will use
  on those systems will have been compiled and installed by the local
  admin.  IMNHO they are mainly a good solid base upon which you as the
  local admin build the working system upon.  And for me if we are
  talking about what we compile locally from source I would need to look
  but the list is several hundred packages long!
 
 Oh. You mean that HP suddenly transformed to good fairies and stopped
 charging extra for aCC? Or IBM received an encrypted signal from their
 supervisors from Mars and did the same to vacc? And don't even mention
 Sun, those guys managed to build their base system with two different C
 compilers at once (gcc and that thing they put in Sun Studio instead
 of C compiler).

Wait.  You mean the first thing you compile on a new system isn't gcc?
Sometimes it would be 'make' first.  Then gcc, binutils, and the rest
of the support chain.  Then make again using gcc.  Then a hundred
others!

 As for 'solid base'... C'mon, treating openssh as a third-party tool? No
 meaningful firewall in default install? Telnet and FTP (root is allowed
 by default) enabled by default and are listening 0.0.0.0? Mandatory
 access control as a paid feature? Clearly our definitions of 'solid
 base' are different.

By solid base I mean the Unix kernel.  Have you ever needed to rescue
a system suffering under a fork-bomb?  Under the Linux kernel with
defaults you will need to power cycle it.  Even if you were already
logged into it at best you would rather quickly get Connection closed
by foreign host.  But I have been able to log into HP-UX systems
while under such stress and was able to kill the offending processes.
That is what I meant by a solid base.  It has a solid kernel.  That is
the base of the operating system.  The other things you mention I
place in another layer above it.  Most are policy decisions about
telnet, ftp, and others wide open you can affect and change when it is
your system to maintain.  There isn't any reason not to turn off
telnet and ftp entirely for example.

But I agree about the security aspect.  When I have needed to put one
of those legacy systems on the net I usually protected it by putting
it behind a separate firewall box.  Because of some of the problems
you mention.  Using a separate proxy box for just the task needed made
the security easier.  But that doesn't make the machine less reliable
for running large loads with an uptime of years.

And one must be careful of throwing stones.  For example Debian does
not provide a firewall by default.  And it is debatable if it needs
one.  Many people don't configure one.  Many people do.  It all
depends upon many things about the use case.  I don't put one on
internal machines.  But I do put one on front facing machines.

  You left the large unless local sysadmins care about security escape
  clause there.  But what about if the local admin *does* care about
  security?  In that case you can have a system with _better_ security
  than that provided by the vendor.
 
 If local sysadmin cares about security then that site is truly blessed.
 No irony. See, I earn my salary for solving problems with certain
 proprietary cross-platform software. As a part of job, I visit many
 different places, and what do I see there?

No need to try to convince me.  I have seen many horrors.  But I don't
think this problem is specific to the legacy Unix vendors.

 Outdated (like, 10 years outdated) SSH clients. Passwords stored in a
 plain text files in a recyclebin (or on a sheet of paper under the
 keyboard). Telnet as a primary administration tool (because 'terminal
 looks funny in a SecureCRT if I use SSH'). Cargo cult as the main
 method of configuring servers. Advices such as 'disable encryption in
 SSH, our server's CPUs cannot handle encryption' (copying files with
 scp from one Superdome to another). Complete inability to grasp even
 basic concepts of TCP/IP (we have network guys, they handle it).
 'We're using VLANs so we don't need to encrypt anything'. 'We've
 installed antivirus everywhere = we're secure'.
 And last, but not least - 'security is complex, security bores me,
 security breaks our system'.

Yep.  I agree totally with what you have said.  I have seen the like
myself up close and personal.  Horrors!

 And they are not Joe and Jane the Average End Users. They are
 sysadmins :(

Yes.  But just because they have the job does not make them good
at it.  Most importantly it does not give them the attitude that if it
is broken then it must be fixed.  (Broken windows lead to more
brokenness.)  The attitude is more important.  If they are persistent
then with the attitude that broken windows must be fixed then they
will learn what they need.  Attitude is more important.  But too often
I see people who simply occupy hours on the time card.  If they don't
have 

Re: sudo and UNIXes

2013-10-27 Thread Joe Pfeiffer
Reco recovery...@gmail.com writes:
 Tom H tomh0...@gmail.com wrote:
 On Fri, Oct 25, 2013 at 9:16 PM, Reco recovery...@gmail.com wrote:

  Considering that primary usage of sudo is to provide controlled
  privilege escalation to uid=0, using unsupported (therefore - not
  updated unless local sysadmins care about security) sudo on these OSes
  is basically equivalent to giving everyone uid=0.
 
  Somewhat exaggerated :)
 
  No offense meant, but probably you're living in some kind of IT
  paradise ;) 'Nobody does no evil, nobody does any mistakes' kind of
  paradise.
 
 Not updating/patching sudo isn't equivalent to giving everyone root
 access! It's a BIG leap!

 True, you need to add to the picture that curious user who just read on
 Bugtraq or Full Disclosure about fresh vulnerability in sudo. Or that
 disgruntled user who needs /etc/system changed right here and now. Or
 that developer who needs to do this 'small change, nobody will notice'
 on a production server.
 And if you don't have such people there - good for you, as here we can
 always find such a person.

You also have to add to the picture such a vulnerability, and I haven't
noticed any.


Archive: http://lists.debian.org/1b38nmdqfg@snowball.wb.pfeifferfamily.net



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-26 Thread Tom H
On Fri, Oct 25, 2013 at 9:16 PM, Reco recovery...@gmail.com wrote:
> On Fri, 25 Oct 2013 20:28:57 +
> Tom H tomh0...@gmail.com wrote:
>> On Fri, Oct 25, 2013 at 7:41 PM,  recovery...@gmail.com wrote:
>>> On Fri, 25 Oct 2013 12:31:55 -0600
>>> Bob Proulx b...@proulx.com wrote:
>>>
>>>
>>>> Sudo has been on
>>>> HP-UX, SunOS, Solaris, IBM AIX and others for many years.  It isn't
>>>> anything new.  It is a good worthy tool.
>>>
>>> This is not entirely correct. Sudo is considered third-party software
>>> in HP-UX (HP merely builds it and doesn't install by default), AIX (not
>>> provided by IBM and therefore not supported) and Solaris (third-party
>>> software without any support in versions <= 10). About the only
>>> exception is Solaris 11 which provides sudo in default install (and it
>>> is configured the same way as in Ubuntu by default).
>>
>> Solaris has had pfexec since Solaris 8.
>
> Yes, but pfexec is not sudo. And privilege-aware Solaris shells are
> definitely not sudo too.

It might not be sudo but it's the same principle of privilege escalation.

sudo's simpler to set up so I've yet to work at any Solaris shop where
it hasn't been installed (it's not necessarily used though; I
moonlight at two companies where telnetting as root is the norm...).


>>> Considering that primary usage of sudo is to provide controlled
>>> privilege escalation to uid=0, using unsupported (therefore - not
>>> updated unless local sysadmins care about security) sudo on these OSes
>>> is basically equivalent to giving everyone uid=0.
>>
>> Somewhat exaggerated :)
>
> No offense meant, but probably you're living in some kind of IT
> paradise ;) 'Nobody does no evil, nobody does any mistakes' kind of
> paradise.

Not updating/patching sudo isn't equivalent to giving everyone root
access! It's a BIG leap!


-- 
Archive: http://lists.debian.org/CAOdo=syowajfhff+4y-m52cew4odcyhog894yufxtgbnyxk...@mail.gmail.com



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-25 Thread recoverym4n
 Hi.

On Fri, 25 Oct 2013 12:31:55 -0600
Bob Proulx b...@proulx.com wrote:

> Sudo has been on
> HP-UX, SunOS, Solaris, IBM AIX and others for many years.  It isn't
> anything new.  It is a good worthy tool.

This is not entirely correct. Sudo is considered third-party software
in HP-UX (HP merely builds it and doesn't install by default), AIX (not
provided by IBM and therefore not supported) and Solaris (third-party
software without any support in versions <= 10). About the only
exception is Solaris 11 which provides sudo in default install (and it
is configured the same way as in Ubuntu by default).
Considering that primary usage of sudo is to provide controlled
privilege escalation to uid=0, using unsupported (therefore - not
updated unless local sysadmins care about security) sudo on these OSes
is basically equivalent to giving everyone uid=0.

Reco


-- 
Archive: http://lists.debian.org/20131025234110.478c8065ddd992139a38b...@gmail.com



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-25 Thread Ralf Mardorf
This seems to be a thread I started unintentionally :D.

In the past I was against sudo, but nowadays I set up a root account
(su) and sudo for my Linux and if I use Ubuntu I usually keep it as is,
IOW just sudo, no root account. Security doesn't suffer from sudo, OTOH
"ich bin schmerzfrei" as we say in German; somebody on this list called
it a sledgehammer:

#!/bin/sh

# The "sledgehammer": turns X access control off for everyone, runs the
# command as chuser, then turns access control back on.
xhost +
gksudo -u chuser "$@"
xhost -
exit

C'mon, not all machines are multi-user top security environments.

If you talk about pros and cons sudo, first clarify for what task.
Better add sudo, even without asking for a password, than have people
running X sessions as root.

Without PAM we likely would run X audio sessions as superuser ;).
http://jackaudio.org/linux_rt_config

People still can become root by su and then do disgusting things ;) and
unintentionally allow foreigners to do disgusting things too, assuming the
superuser leaves something behind that intruders could damage.

Regards,
Ralf


-- 
Archive: http://lists.debian.org/1382731835.656.48.camel@archlinux



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-25 Thread Tom H
On Fri, Oct 25, 2013 at 7:41 PM,  recovery...@gmail.com wrote:
> On Fri, 25 Oct 2013 12:31:55 -0600
> Bob Proulx b...@proulx.com wrote:
>
>
>> Sudo has been on
>> HP-UX, SunOS, Solaris, IBM AIX and others for many years.  It isn't
>> anything new.  It is a good worthy tool.
>
> This is not entirely correct. Sudo is considered third-party software
> in HP-UX (HP merely builds it and doesn't install by default), AIX (not
> provided by IBM and therefore not supported) and Solaris (third-party
> software without any support in versions <= 10). About the only
> exception is Solaris 11 which provides sudo in default install (and it
> is configured the same way as in Ubuntu by default).

Solaris has had pfexec since Solaris 8.


> Considering that primary usage of sudo is to provide controlled
> privilege escalation to uid=0, using unsupported (therefore - not
> updated unless local sysadmins care about security) sudo on these OSes
> is basically equivalent to giving everyone uid=0.

Somewhat exaggerated :)


-- 
Archive: http://lists.debian.org/CAOdo=SyHvrF=gpje83ryhjf+iyrlc6aqmtdhbjbjtfdfowt...@mail.gmail.com



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-25 Thread Bob Proulx
recovery...@gmail.com wrote:
> Bob Proulx wrote:
>> Sudo has been on HP-UX, SunOS, Solaris, IBM AIX and others for
>> many years.  It isn't anything new.  It is a good worthy tool.
>
> This is not entirely correct. Sudo is considered third-party software
> in HP-UX (HP merely builds it and doesn't install by default), AIX (not
> provided by IBM and therefore not supported) and Solaris (third-party
> software without any support in versions <= 10). About the only
> exception is Solaris 11 which provides sudo in default install (and it
> is configured the same way as in Ubuntu by default).

It is certainly fair that you would take exception to my words (since
I often do that to others!) but I said "on those not distributed by
them".  ;-)  I didn't say the vendor distributed it.

Most of those systems ship very little by their vendors.  I have used
them for many years and almost all of the software that you will use
on those systems will have been compiled and installed by the local
admin.  IMNHO they are mainly a good solid base upon which you as the
local admin build the working system.  And for me if we are
talking about what we compile locally from source I would need to look
but the list is several hundred packages long!

> Considering that primary usage of sudo is to provide controlled
> privilege escalation to uid=0, using unsupported (therefore - not
> updated unless local sysadmins care about security) sudo on these
> OSes is basically equivalent to giving everyone uid=0.

You left the large "unless local sysadmins care about security" escape
clause there.  But what about if the local admin *does* care about
security?  In that case you can have a system with _better_ security
than that provided by the vendor.

And even in the case of an overworked and somewhat slack admin the
system security with source sudo installed but old is probably about
the same as the provided by the vendor.  Vendors don't update their
software that often and usually not without something pushing them to
do so.

For improved security a system with many eyes upon the code such as
Debian is much better.  Anyone using a traditional legacy Unix system
today is most likely not using it for the security of the system but
for other aspects of it.

Bob




Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-25 Thread Reco
On Fri, 25 Oct 2013 14:21:37 -0600
Bob Proulx b...@proulx.com wrote:

> recovery...@gmail.com wrote:
>> Bob Proulx wrote:
>> This is not entirely correct. Sudo is considered third-party software
>> in HP-UX (HP merely builds it and doesn't install by default), AIX (not
>> provided by IBM and therefore not supported) and Solaris (third-party
>> software without any support in versions <= 10). About the only
>> exception is Solaris 11 which provides sudo in default install (and it
>> is configured the same way as in Ubuntu by default).
>
> It is certainly fair that you would take exception to my words (since
> I often do that to others!) but I said "on those not distributed by
> them".  ;-)  I didn't say the vendor distributed it.

Indeed you didn't. My sincere apologies just in case.

> Most of those systems ship very little by their vendors.  I have used
> them for many years and almost all of the software that you will use
> on those systems will have been compiled and installed by the local
> admin.  IMNHO they are mainly a good solid base upon which you as the
> local admin build the working system.  And for me if we are
> talking about what we compile locally from source I would need to look
> but the list is several hundred packages long!

Oh. You mean that HP suddenly transformed into good fairies and stopped
charging extra for aCC? Or IBM received an encrypted signal from their
supervisors on Mars and did the same for vacc? And don't even mention
Sun, those guys managed to build their base system with two different C
compilers at once (gcc and that thing they put in Sun Studio instead
of a C compiler).

As for 'solid base'… C'mon, treating openssh as a third-party tool? No
meaningful firewall in the default install? Telnet and FTP (root login
allowed by default) enabled by default and listening on 0.0.0.0? Mandatory
access control as a paid feature? Clearly our definitions of 'solid
base' are different.


>> Considering that primary usage of sudo is to provide controlled
>> privilege escalation to uid=0, using unsupported (therefore - not
>> updated unless local sysadmins care about security) sudo on these
>> OSes is basically equivalent to giving everyone uid=0.
>
> You left the large "unless local sysadmins care about security" escape
> clause there.  But what about if the local admin *does* care about
> security?  In that case you can have a system with _better_ security
> than that provided by the vendor.

If the local sysadmin cares about security then that site is truly blessed.
No irony. See, I earn my salary for solving problems with certain
proprietary cross-platform software. As part of my job, I visit many
different places, and what do I see there?
Outdated (like, 10 years outdated) SSH clients. Passwords stored in
plain text files in a recycle bin (or on a sheet of paper under the
keyboard). Telnet as a primary administration tool (because 'terminal
looks funny in SecureCRT if I use SSH'). Cargo cult as the main
method of configuring servers. Advice such as 'disable encryption in
SSH, our server's CPUs cannot handle encryption' (copying files with
scp from one Superdome to another). Complete inability to grasp even
basic concepts of TCP/IP (we have network guys, they handle it).
'We're using VLANs so we don't need to encrypt anything'. 'We've
installed antivirus everywhere = we're secure'.
And last, but not least - 'security is complex, security bores me,
security breaks our system'.
And they are not Joe and Jane the Average End Users. They are
sysadmins :(

Not that UNIXes are that bad. It happens with any OS, GNU/Linux included.


> And even in the case of an overworked and somewhat slack admin the
> system security with source sudo installed but old is probably about
> the same as the provided by the vendor.  Vendors don't update their
> software that often and usually not without something pushing them to
> do so.

Sudo has had vulnerabilities that led to gaining root access by exploiting
them. And people will use it, as vendors won't provide them any
meaningful way to update all installed software at once.
Therefore - using outdated sudo is equivalent to wearing a T-shirt
with the root password written on it, as the end result will be the
same.


> For improved security a system with many eyes upon the code such as
> Debian is much better.  Anyone using a traditional legacy Unix system
> today is most likely not using it for the security of the system but
> for other aspects of it.

That's true, but. I didn't imply that proprietary software is
insecure (although, honestly, it is :) given what kind of people
are actually writing it today) a priori, I meant that using an outdated
tool to gain security actually lowers it.

Reco


-- 
Archive: http://lists.debian.org/20131026010704.c520162a574e2d5d01ccf...@gmail.com



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-25 Thread Reco
On Fri, 25 Oct 2013 20:28:57 +
Tom H tomh0...@gmail.com wrote:

> On Fri, Oct 25, 2013 at 7:41 PM,  recovery...@gmail.com wrote:
>> On Fri, 25 Oct 2013 12:31:55 -0600
>> Bob Proulx b...@proulx.com wrote:
>>
>>
>>> Sudo has been on
>>> HP-UX, SunOS, Solaris, IBM AIX and others for many years.  It isn't
>>> anything new.  It is a good worthy tool.
>>
>> This is not entirely correct. Sudo is considered third-party software
>> in HP-UX (HP merely builds it and doesn't install by default), AIX (not
>> provided by IBM and therefore not supported) and Solaris (third-party
>> software without any support in versions <= 10). About the only
>> exception is Solaris 11 which provides sudo in default install (and it
>> is configured the same way as in Ubuntu by default).
>
> Solaris has had pfexec since Solaris 8.

Yes, but pfexec is not sudo. And privilege-aware Solaris shells are
definitely not sudo too.


>> Considering that primary usage of sudo is to provide controlled
>> privilege escalation to uid=0, using unsupported (therefore - not
>> updated unless local sysadmins care about security) sudo on these OSes
>> is basically equivalent to giving everyone uid=0.
>
> Somewhat exaggerated :)

No offense meant, but probably you're living in some kind of IT
paradise ;) 'Nobody does no evil, nobody does any mistakes' kind of
paradise.

Reco


-- 
Archive: http://lists.debian.org/20131026011611.f2a1e103756681a7d0e85...@gmail.com



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-25 Thread Ralf Mardorf
On Sat, 2013-10-26 at 01:07 +0400, Reco wrote:
> Passwords stored in plain text files in a recycle bin (or on a sheet
> of paper under the keyboard).

Female sysadmins wearing slips of paper on the forehead with
passphrases: http://www.kingmatz.com/Bilder%202007/2009/mk/RIMG0206.JPG


-- 
Archive: http://lists.debian.org/1382735826.656.70.camel@archlinux



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-25 Thread Reco
On Fri, 25 Oct 2013 22:10:35 +0200
Ralf Mardorf ralf.mard...@alice-dsl.net wrote:

> In the past I was against sudo, but nowadays I set up a root account
> (su) and sudo for my Linux and if I use Ubuntu I usually keep it as is,
> IOW just sudo, no root account. Security doesn't suffer from sudo, OTOH
> "ich bin schmerzfrei" as we say in German; somebody on this list called
> it a sledgehammer:
>
> #!/bin/sh
>
> # The "sledgehammer": turns X access control off for everyone, runs the
> # command as chuser, then turns access control back on.
> xhost +
> gksudo -u chuser "$@"
> xhost -
> exit

Indeed it does have some qualities of a sledgehammer.
'xhost +si:localuser:chuser' will do the same with fewer side effects.
Copying the right part of .Xauthority will remove the need to do xhost.


> C'mon, not all machines are multi-user top security environments.

Sure. Also you don't mind providing your credit card number and CCV to
the rest of the world. And under no circumstances will you store any
files on any of those machines that you don't want to show to anyone. And
you have no objections to helping some poor kind soul mine some
bitcoins. And you have no objections to participating in botnets or
sending spam.


> If you talk about pros and cons sudo, first clarify for what task.
> Better add sudo, even without asking for a password, than have people
> running X sessions as root.

I never implied that sudo is a bad thing. It is Ubuntu-style sudo
(the ability to run an arbitrary command as root) that is a bad thing IMO.


> Without PAM we likely would run X audio sessions as superuser ;).
> http://jackaudio.org/linux_rt_config

Please tell that to that Lennart Poettering guy who invented his own
RealTimeGizmo for his beloved PulseAudio ;)

Reco


-- 
Archive: http://lists.debian.org/20131026013423.1aef56a50728fa4e4c261...@gmail.com
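A less blunt version of the wrapper discussed in this message, added here as an example and not code from the thread: it grants only "si:localuser:<name>" as Reco suggests, revokes the grant when the command ends, and also does the .Xauthority cookie copy that removes the need for xhost at all. It assumes sudo -u in place of gksudo, a target user named chuser, and function names of my own choosing.

```shell
#!/bin/sh
# Added example (not from the thread): a per-user replacement for "xhost +".
# Assumptions: sudo -u stands in for gksudo; the target user name (chuser in
# the thread) is passed as the first argument; function names are invented.

# xhost_spec NAME: print the server-interpreted access spec for one local user.
# Rejects anything that is not a plain user name, so the argument can never
# turn into a different kind of grant (a host name, "+", or an option).
xhost_spec() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf 'si:localuser:%s\n' "$1"
}

# run_as_x_user NAME CMD [ARGS...]: scoped grant that lasts only as long as the
# command. "$@" is quoted, unlike $* in the original, so arguments with spaces
# reach the command intact.
run_as_x_user() {
    target=$1; shift
    spec=$(xhost_spec "$target") || { echo "refusing user name: $target" >&2; return 2; }
    xhost "+$spec" >/dev/null || return 1
    # Revoke even if we are interrupted, so the grant never outlives the command.
    trap 'xhost "-$spec" >/dev/null 2>&1' EXIT INT TERM
    sudo -u "$target" -- env DISPLAY="$DISPLAY" "$@"
    status=$?
    xhost "-$spec" >/dev/null
    trap - EXIT INT TERM
    return "$status"
}

# share_x_cookie NAME: the second suggestion from the post. Copies only the
# MIT-MAGIC-COOKIE for $DISPLAY into NAME's ~/.Xauthority (nextract writes it
# in the numeric form nmerge reads back), after which no xhost change is needed.
share_x_cookie() {
    xhost_spec "$1" >/dev/null || return 2
    xauth nextract - "$DISPLAY" | sudo -H -u "$1" xauth nmerge -
}

case $# in
    0) ;;                                          # sourced: only define functions
    1) echo "usage: $0 USER COMMAND [ARGS...]" >&2 ;;
    *) run_as_x_user "$@" ;;
esac
```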



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-25 Thread Ralf Mardorf
On Sat, 2013-10-26 at 01:34 +0400, Reco wrote:
> Please tell that to that Lennart Poettering guy who invented his own
> RealTimeGizmo for his beloved PulseAudio ;)

Ok, now I'm able to resist. I love to be marxbrotherish, but with
respect to the list, I try to fake that I don't know who this girl is.



-- 
Archive: http://lists.debian.org/1382737291.656.74.camel@archlinux



Re: sudo and UNIXes (was: audacity export wma format[1 more question])

2013-10-25 Thread Reco
On Fri, 25 Oct 2013 23:17:06 +0200
Ralf Mardorf ralf.mard...@alice-dsl.net wrote:

> On Sat, 2013-10-26 at 01:07 +0400, Reco wrote:
>> Passwords stored in plain text files in a recycle bin (or on a sheet
>> of paper under the keyboard).
>
> Female sysadmins wearing slips of paper on the forehead with
> passphrases: http://www.kingmatz.com/Bilder%202007/2009/mk/RIMG0206.JPG

Not secure enough. Everyone knows that good passwords are made of
asterisks only. They use big dots instead :)

Reco


-- 
Archive: http://lists.debian.org/20131026014556.75f34f5eeddf48d795157...@gmail.com