PerlMonks  

Re^2: Greetings and salutations | sudo

by zentara (Archbishop)
on Feb 07, 2020 at 19:16 UTC (#11112578)


in reply to Re: Greetings and salutations | sudo
in thread Greetings and salutations | sudo

The problem is that almost all distros are forcing users to use sudo now. Even Kali Linux is now requiring the use of sudo. When I run the exploit on my Slackware Linux install, I just get a message "be considerate of other users". :-)

I'm not really a human, but I play one on earth. ..... an animated JAPH

Re^3: Greetings and salutations | sudo
by afoken (Canon) on Feb 08, 2020 at 05:00 UTC
    The problem is that almost all distros are forcing users to use sudo now.

    What are the alternatives?

    • Handing out the root password to everyone needing it?
    • Using su? Full, unrestricted root for everyone? That's nearly as evil as handing out the root password.
    • Using doas? The latter looks good, but is BSD-only.

    sudo was designed to be safe, including restricting users to run only some commands as root, and optional logging. But it became too complex when it tried to prevent subshells running as root, e.g. by injecting libraries (IIRC) and by filtering command parameters.

    Using sudo just as a prefix for any command to be run as root is syntactically correct, but in this very common default configuration it is nothing more than a su replacement asking for the user password instead of the root password for all people being part of the wheel group (sudo group on Debian, because wheel is evil for some strange reason).

    A safe sudo configuration is possible, but it requires a lot of time thinking through the capabilities of the sudo configuration. See below.

    This particular exploit breaks a completely nonsense feature, echoing a * for every character of the password typed in, which is OFF by default. Linux distributions became vulnerable to this exploit when they messed with the configuration of sudo.

    sudo has a problem: Too many features. doas fixes that for *BSD.

    sudo has two other problems: An unusual config file format and a man page for it that starts with "how to read this manual". https://xkcd.com/1343/. My favorite heading is "Quick guide to EBNF". Yes, it may be technically correct, but it is on the far right side of the xkcd.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
      How about sticking to the original unix ideal, with a root account. Only root can modify the system. Slackware still runs that way.

      What I see happening is the "Windowsification" of Linux, where users (or the distro makers) want to dumb down the user. I see no problem with a user switching to a root console to install a package; the use of sudo is a glaring root security hole. Any user with sudo can become root and backdoor a system, how convenient for the 3 letter agencies. :-)

      Another alternative is installing packages in the user's home directory if they are not root.


      I'm not really a human, but I play one on earth. ..... an animated JAPH
        How about sticking to the original unix ideal, with a root account. Only root can modify the system.

        That simply does not scale. Yes, it's ok if you have exactly one admin. Maybe if it's your own single-user machine. But if you have a bunch of servers, perhaps distributed across more than one location, this will not work. You don't want to have a biological single point of failure, and you do not want to share the root password. That's why Unix has a wheel group, and the Debian people decided that it is better to have a sudo group. You need several admins, and you need to have a log of who messed up which parts of the system. That's why sudo can log so much information. And that's why sudo can be tweaked to grant only limited root access.

        Slackware still runs that way.

        That's not correct. Out of the box, Slackware demands a root password, and installing sudo is optional. In the default setup, sudo is installed, but you have to adapt it to your local policies. You have to do that anyway, and as usual, Slackware does not enforce a specific configuration.

        In the most simple case, uncomment one of the three group configurations from /etc/sudoers, and add one or more users to either the wheel or the sudo group:

        ## Uncomment to allow members of group wheel to execute any command
        # %wheel ALL=(ALL) ALL

        ## Same thing without a password
        # %wheel ALL=(ALL) NOPASSWD: ALL

        ## Uncomment to allow members of group sudo to execute any command
        # %sudo ALL=(ALL) ALL

        Starting from the last line, this is the Debian way of configuring sudo. Admins are members of the sudo group, and have to enter their password to gain root privileges.

        In the middle, you find the classic Unix setup. Admins are members of the wheel group, and get root privileges without entering a password.

        And the first variant is the secure way of the classic Unix setup. Admins are members of the wheel group, but they have to enter their password. That's what Debian should have done.

        Any user with sudo can become root and backdoor a system

        No. It depends on the configuration of sudo, and in the out-of-the-box configuration of Slackware, adding users to the wheel and/or sudo groups does not grant any privileges. If you choose one of the all-or-nothing group setups from the default configuration, yes, any user that is member of the respective group has full root privileges. This is the common setup for a single-user machine.

        BUT:

        In a multi-user, multi-server setup, you will use a more complex sudo configuration, granting various privileges to various users. You can select applications, hosts, users, and you can even choose if sudo requires a password for each and every one of the combinations. The sudoers man page has examples, but it was probably the inspiration for the right-hand side of https://xkcd.com/1343/. Scroll down to the "EXAMPLES" section. And in such a setup, there are probably several users who can use sudo to gain limited root privileges, but only a few or even none can get sufficient privileges to install a backdoor or simply get a shell with root privileges.

        Oh, and by the way: Slackware also installs su (in the required package "shadow"), setuid root and prompting for the root password; this will give anyone knowing the root password an unlimited root shell. That's why you don't share root passwords. People are very bad at keeping secrets. See also Rubber-hose cryptanalysis.

        Alexander

        --
        Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
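The reply above makes two checkable claims: whether "any user with sudo can become root" depends entirely on the sudoers policy, and the exploit only bites where a distribution switched on the asterisk-echo feature. The script below is an added example written for this thread, not code from the thread, from Slackware or from the sudo project. It parses a small subset of the sudoers grammar (the three group setups quoted above, User_Alias, Cmnd_Alias, per-command tags such as NOPASSWD and NOEXEC, and Defaults lines) and reports which users end up with an unrestricted root shell, either through ALL, through a shell binary, or through an editor or pager with a known shell escape. Assumptions of mine, not taken from the thread: the option behind the asterisk echo is referred to as `pwfeedback` (the thread describes the feature without naming it); the sample policy, the group table and the user list are constructed; the shell-escape list is illustrative rather than complete; and NOEXEC is treated as blocking the escape, which sudo implements by library preloading and which therefore only holds for dynamically linked binaries.

```python
"""Audit a sudoers policy (subset of the grammar): who can reach an unrestricted
root shell, and is the pwfeedback Default switched on?  Added example for this
thread, not code from the thread or the sudo project; all sample data is constructed."""
import re
from collections import defaultdict

# Shells, and binaries with a well-known shell escape (":!sh" in vi, "!sh" in less).
DIRECT_SHELLS = {"/bin/sh", "/bin/bash", "/usr/bin/bash", "/bin/zsh"}
ESCAPE_CAPABLE = {"/usr/bin/vi", "/usr/bin/vim", "/usr/bin/less", "/usr/bin/more"}
SPEC_RE = re.compile(r"^(?P<who>[^\s=]+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<rest>.+)$")
TAG_RE = re.compile(r"^(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*")


def parse_sudoers(text):
    """Supported: '#' comments (so #include is skipped), '\\' continuation, User_Alias,
    Cmnd_Alias, Defaults (recorded only) and 'who host=(runas) TAG: cmd, cmd' specs.
    Host_Alias, Runas_Alias and '!' negation are not modelled; unknown lines raise."""
    policy = {"user_aliases": {}, "cmnd_aliases": {}, "specs": [], "defaults": []}
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("Defaults"):
            policy["defaults"].append(line)
            continue
        if line.startswith(("User_Alias", "Cmnd_Alias")):
            kind, body = line.split(None, 1)
            name, _, members = body.partition("=")
            key = "user_aliases" if kind == "User_Alias" else "cmnd_aliases"
            policy[key][name.strip()] = [m.strip() for m in members.split(",")]
            continue
        m = SPEC_RE.match(line)
        if line.startswith(("Host_Alias", "Runas_Alias")) or not m:
            raise ValueError("unsupported sudoers line: " + line)
        tags, cmds = set(), []
        for chunk in m.group("rest").split(","):
            chunk = chunk.strip()
            while (t := TAG_RE.match(chunk)):  # a tag sticks to later commands of the entry
                tag = t.group(1)
                tags.discard(tag[2:] if tag.startswith("NO") else "NO" + tag)
                tags.add(tag)
                chunk = chunk[t.end():].lstrip()
            cmds.append((chunk, frozenset(tags)))
        runas = (m.group("runas") or "root").split(":")[0].strip()
        policy["specs"].append({"who": m.group("who"), "runas": runas, "cmds": cmds})
    return policy


def expand_users(who, policy, groups, known_users, seen=()):
    """Resolve a user name, %group or User_Alias to concrete user names."""
    if who == "ALL":
        return set(known_users)
    if who.startswith("%"):
        return set(groups.get(who[1:], []))
    if who in policy["user_aliases"] and who not in seen:
        return set().union(*(expand_users(m, policy, groups, known_users, seen + (who,))
                             for m in policy["user_aliases"][who]))
    return {who}


def expand_cmds(cmds, policy, seen=()):
    """Replace Cmnd_Alias names by their members, keeping the entry's tags."""
    out = []
    for cmd, tags in cmds:
        if cmd in policy["cmnd_aliases"] and cmd not in seen:
            members = [(c, tags) for c in policy["cmnd_aliases"][cmd]]
            out.extend(expand_cmds(members, policy, seen + (cmd,)))
        else:
            out.append((cmd, tags))
    return out


def root_shell_paths(sudoers_text, groups, known_users):
    """Map user -> sorted reasons why sudo gives that user an unrestricted root shell."""
    policy = parse_sudoers(sudoers_text)
    found = defaultdict(set)
    for spec in policy["specs"]:
        if spec["runas"] not in ("ALL", "root"):
            continue  # this entry cannot run anything as root
        users = expand_users(spec["who"], policy, groups, known_users)
        for cmd, tags in expand_cmds(spec["cmds"], policy):
            binary = cmd.split()[0]
            if binary == "ALL" or binary in DIRECT_SHELLS:
                reason = binary
            elif binary in ESCAPE_CAPABLE and "NOEXEC" not in tags:
                reason = binary + " (shell escape)"
            else:
                continue
            for u in users:
                found[u].add(reason)
    return {u: sorted(r) for u, r in found.items()}


def risky_defaults(sudoers_text):
    """Defaults lines that enable pwfeedback (asterisk echo while the password is typed)."""
    flagged = []
    for line in parse_sudoers(sudoers_text)["defaults"]:
        parts = line.split(None, 1)
        if len(parts) == 2 and "pwfeedback" in re.findall(r"!?[A-Za-z_]+", parts[1]):
            flagged.append(line)
    return flagged


SAMPLE = """\
Defaults env_reset, pwfeedback
User_Alias WEBADMINS = alice, bob
Cmnd_Alias WEBCTL = /usr/bin/systemctl restart nginx, /usr/bin/systemctl reload nginx
%wheel    ALL=(ALL) ALL
WEBADMINS ALL=(root) NOPASSWD: WEBCTL
carol     ALL=(root) NOEXEC: /usr/bin/less /var/log/*
dave      ALL=(root) /usr/bin/vim
erin      ALL=(www-data) /bin/bash
"""
GROUPS = {"wheel": ["alexander"], "sudo": []}  # constructed stand-in for /etc/group
USERS = ["alexander", "alice", "bob", "carol", "dave", "erin"]

if __name__ == "__main__":
    for user, reasons in sorted(root_shell_paths(SAMPLE, GROUPS, USERS).items()):
        print(f"{user}: unrestricted root via {', '.join(reasons)}")
    for line in risky_defaults(SAMPLE):
        print("risky Defaults:", line)
```

On the constructed policy only the wheel member (full ALL) and dave (vim as root without NOEXEC) come out with a root shell; the web admins get exactly two systemctl invocations, carol's pager is fenced by NOEXEC, and erin's bash runs as www-data, not root. Run on a real box, `visudo -c` is still the authority on whether the file parses; this script only answers the narrower "who can get root" question for the subset it understands.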
