[X-Unix] Re: Root Exploit via sudo
Timothy Luoma
lists at tntluoma.com
Tue Apr 12 13:53:56 PDT 2005
On Apr 12, 2005, at 8:58 AM, Kuestner, Bjoern wrote:
>> if you simply change the place where sudo logs to,
>> the security hazard is removed without added inconvenience.
>
> I think you have to not only change the place but also
> a) secure that a script cannot easily read from a config file the new
> location
> b) better, secure the permission for the new log file.
If you read the official note at
http://www.securityfocus.com/archive/1/395107/2005-04-03/2005-04-09/0
it recommends changing the logging to /var/log/secure.log, which is
owned by root and chmod 600 by default.
> Even then I'm not sure if that is secure enough for the paranoid (does
> not include me). But as the devil's advocate I could imagine a script
> that tries to run a sudo command every four minutes. I don't think
> you're blocked in any way if you fail with a sudo attempt. So sooner
> or later an attempt will succeed because the user happened to use sudo
> 2 minutes before that.
True, however if someone can log in to an account with admin privileges
then you already have security problems.
> I guess the only secure way for OS X and other Unixish systems is to
> remove the grace period after a sudo command.
The tty restriction:

    Defaults:ALL tty_tickets

is a good one.
I'm concerned that removing the grace period entirely would lead people
to choose weaker passwords, which is a much bigger security threat.
TjL
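
Added example, not part of the original message: a small audit of the settings this thread discusses (tty_tickets, the sudo grace period via timestamp_timeout, and root-only permissions on the log file). The sample sudoers text and all function names are constructed for illustration, and the parser is simplified (no inline comments, no quoted values containing commas).

```python
import os
import re
import stat

# Constructed sample, not taken from the thread.
SAMPLE = """\
# /etc/sudoers (sample)
Defaults:ALL tty_tickets
Defaults timestamp_timeout=-1, !lecture
%admin ALL=(ALL) ALL
"""

def parse_defaults(text):
    """Map each Defaults option to its value (True/False for bare and !negated flags)."""
    opts = {}
    for raw in text.splitlines():
        # Accept "Defaults", "Defaults:user", "Defaults@host", "Defaults>runas", "Defaults!cmd".
        m = re.match(r"Defaults(?:[:@>!]\S+)?\s+(.*)", raw.strip())
        if not m:
            continue
        for item in (i.strip() for i in m.group(1).split(",")):
            if "=" in item:
                name, value = item.split("=", 1)
                opts[name.strip()] = value.strip().strip('"')
            elif item.startswith("!"):
                opts[item[1:]] = False
            elif item:
                opts[item] = True
    return opts

def audit(text):
    """Return findings for the two ticket settings discussed in the thread."""
    opts, findings = parse_defaults(text), []
    if opts.get("tty_tickets") is not True:
        findings.append("tty_tickets is not enabled")
    timeout = opts.get("timestamp_timeout")
    if timeout is None:
        findings.append("timestamp_timeout not set; built-in grace period applies")
    elif float(timeout) < 0:
        # Per the sudoers manual, a negative value means the ticket never expires.
        findings.append("timestamp_timeout is negative; tickets never expire")
    return findings

def log_perms_ok(uid, mode):
    """True when the log is owned by root with no group/other access (e.g. 0600)."""
    return uid == 0 and (stat.S_IMODE(mode) & 0o077) == 0

def check_log(path):
    """Apply log_perms_ok to a real file, e.g. the /var/log/secure.log named above."""
    st = os.stat(path)
    return log_perms_ok(st.st_uid, st.st_mode)
```

Setting timestamp_timeout=0 removes the grace period entirely, which is the trade-off debated above; audit() reports the configured value's problems but does not take a side on it.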