[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



On 11/18/2009 05:21 PM, Peter Jones wrote:
> 
> You've sortof missed my point here, which isn't a big surprise since I
> left a lot of space to figure it out in.
> 
> root added your name to /etc/sudoers.  She might have put:
> 
> cjd ALL=(ALL) NOPASSWD:ALL
> 
> but apparently instead she put:
> 
> cjd ALL=(ALL) ALL
> 
> If sudo is asking you for a password, it's because somebody intentionally
> made a choice for it to do so, in the config file. It's not some kind of
> accident. It's not some global policy because of a universal truth, as you
> seem to think. It's a choice somebody made when they put your name in
> there.
> 
> (Read what you will as to how this is relevant to our current predicament.)
> 

Ok, lets put it another way:

Why is it a good idea? We could say:

1) It isn't. The sudo authors added no value by giving admins this option, and wasted everyone's time by making it the preferred behavior (you have to explicitly /say/ NOPASSWD if you want it. That's a very different message than having to explicitly say PASSWD. Ultimately the UI here encourages leaving the password prompt enabled when doling out permissions).

2) All the information granted to the process about the context in which it was run is insufficient to verify something that prompting for the password verifies.

And yes, sudo does also try to make sure its running on an actual console (try piping a password to it sometime).

--CJD


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]