BugTraq
Remove all admin->root authorization prompts from OSX Jan 25 2007 01:20AM K F (lists) (kf_lists digitalmunition com) (2 replies)
Re: Remove all admin->root authorization prompts from OSX Jan 25 2007 08:25PM A. Shaw (osxauth yahoo com)
RE: Remove all admin->root authorization prompts from OSX Jan 25 2007 06:34PM Marvin Simkin (Marvin Simkin asu edu) (3 replies)
Re: Remove all admin->root authorization prompts from OSX Jan 26 2007 04:45AM Ben Bucksch (news bucksch org)
Re: Remove all admin->root authorization prompts from OSX Jan 25 2007 05:39PM John Smith (genericjohnsmith gmail com)

About sudo in particular.
* You can force a prompt (5 min by default on Mac OS X) by adding a line
such as the following in /etc/sudoers (using the visudo command):
    Defaults timestamp_timeout = 0
* By default users do not authenticate on a per-tty basis. You can
enforce it with the following option:
    Defaults tty_tickets
The latter is activated by default on the GNU/Linux distro Ubuntu. Reading
the sudoers manual page is very interesting.
Regards,
--
Baptiste MALGUY - System Engineer EASYNET
PGP Fingerprint: 49B0 4F6E 4AA8 B149 B2DF 9267 0F65 6C1C C473 6EC2
www.easynet.com - phone: +33 1 44 54 70 00 - fax: +33 1 44 54 70 01
--
Marvin Simkin wrote:
> I respectfully disagree with this proposal and maybe we should discuss it.
>
> Being a member of the admin group is NOT 100% equal to being root. Therefore when you switch from admin group to uid=0 you are escalating privileges. A trojan that gets control of an admin's session should not be able to escalate itself to root without a password prompt, which requires a human to decide (rightly or wrongly...) yes I do want to increase the authority of this process.
>
> Sure, an admin should be smart enough not to get trojaned, but what if they do anyway?
>
> Maybe a cracker could write a trojan that escalates itself using the powers of the admin group, but why make it easier for those who don't know how?
>
> The myth that it should be easy for uneducated users to expose their computers to harm is one reason why certain other GUI platforms have so many security problems.
>
>
> host:/tmp1 sysmsimkin$ id
> uid=505(sysmsimkin) gid=505(sysmsimkin) groups=505(sysmsimkin), 81(appserveradm), 79(appserverusr), 80(admin)
> host:/tmp1 sysmsimkin$ ls -ld /tmp1
> drwxr-xr-x 3 501 admin 102 Jun 28 2006 /tmp1
> host:/tmp1 sysmsimkin$ mkdir /tmp1/tmp2
> mkdir: /tmp1/tmp2: Permission denied
> host:/tmp1 sysmsimkin$ /usr/bin/sudo /bin/bash
> Password:
> host:/tmp1 root# mkdir /tmp1/tmp2
> host:/tmp1 root# ls -ld /tmp1/tmp2
> drwxr-xr-x 2 root admin 68 Jan 25 11:20 /tmp1/tmp2
> host:/tmp1 root# exit
> host:/tmp1 sysmsimkin$ rmdir /tmp1/tmp2
> rmdir: /tmp1/tmp2: Permission denied
> host:/tmp1 sysmsimkin$ /usr/bin/sudo /bin/bash
> host:/tmp1 root# rmdir /tmp1/tmp2
> host:/tmp1 root# exit
> host:/tmp1 sysmsimkin$
>
> More interesting (to me) why wasn't I prompted for a password the second time? (Yes I know it was designed that way, I'm asking was that the right decision.) Presumably there is a window of vulnerability for a few minutes AFTER you have been root during which you could fall victim to a trojan.
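An added example, not part of the original messages or of sudo itself: a small audit that reads sudoers text and reports whether the two settings discussed above (timestamp_timeout and tty_tickets) leave the re-prompt window open. The built-in defaults (5 minutes, no per-tty tickets) are assumed from the message above; the function names and the sample sudoers text are constructed for illustration.

```python
import re

# Built-in defaults assumed from the message above: 5-minute ticket, not per-tty.
ASSUMED = {"timestamp_timeout": 5.0, "tty_tickets": False}

def effective_defaults(sudoers_text, assumed=ASSUMED):
    """Return (global settings, scoped overrides) for the two options.
    Simplification: files pulled in by include directives are not followed."""
    settings, scoped = dict(assumed), []
    # Join backslash-continued lines before parsing.
    text = re.sub(r"\\\n", "", sudoers_text)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        # Defaults may be scoped: Defaults:user, @host, >runas, !command
        m = re.match(r"Defaults([:@>!]\S+)?\s+(.*)", line)
        if not m:
            continue
        scope, body = m.group(1), m.group(2)
        for item in body.split(","):
            name, _, value = (p.strip() for p in item.partition("="))
            negated = name.startswith("!")           # "!tty_tickets" turns it off
            name = name.lstrip("!")
            if name == "tty_tickets":
                new = not negated
            elif name == "timestamp_timeout" and value:
                new = float(value.strip('"'))        # minutes, may be fractional
            else:
                continue
            if scope:
                scoped.append((scope, name, new))
            else:
                settings[name] = new                 # later entries override earlier
    return settings, scoped

def findings(sudoers_text):
    """List the weaknesses that remain under the global Defaults."""
    settings, scoped = effective_defaults(sudoers_text)
    out, t = [], settings["timestamp_timeout"]
    if t < 0:
        out.append("ticket never expires")
    elif t > 0:
        out.append(f"no password prompt for {t:g} min after a successful sudo")
    if not settings["tty_tickets"]:
        out.append("ticket is shared across ttys")
    return out + [f"scoped override {s}: {n}={v}" for s, n, v in scoped]

# Constructed sample inputs (not taken from any real host).
STOCK = "# stock file\nroot ALL=(ALL) ALL\n%admin ALL=(ALL) ALL\n"
HARDENED = "Defaults timestamp_timeout = 0\nDefaults tty_tickets\n%admin ALL=(ALL) ALL\n"
MIXED = "Defaults timestamp_timeout=0, \\\n    !tty_tickets\nDefaults:alice timestamp_timeout=15\n"
```

An empty result from findings() means every sudo invocation prompts and tickets are per-tty; the STOCK sample reproduces the second, unprompted `sudo /bin/bash` seen in the quoted session.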