Date:      Wed, 27 Mar 2002 12:33:20 -0600
From:      Rob Andrews <rob@cyberpunkz.org>
To:        security@freebsd.org
Subject:   sudo.. a better way maybe?
Message-ID:  <20020327123320.T82300@switchblade.cyberpunkz.org>

I've had some thoughts about sudo after the dialog about su earlier.
Thought maybe someone might be able to shed some light on something
I've been attempting to figure out how to put into action on machines
of mine.

While I've heard it being done I have yet to see any real support or
documentation which might help me to support the following.

Sudo is safe provided that a user's password and account are not compromised
by an outside forced intrusion.  However, in the event that someone does
gain access to a user account which does have sudo permission on the machine
(this happened during a period where there was an OpenSSH bug which allowed
users on another system to gain passwords being used by other system users
who were logging into remote systems via the hacked system), it would be
a simple thing to just sudo with the user's current password, which they
already have in hand.

I've seen this done on Linux systems and when we attempted to do much the
same thing on a FreeBSD system it choked and died on us.  Using PAM we wanted
to create a new sudo password file which PAM would use to authenticate the
user. Our attempts failed at the time due to sudo ending up crashing after
repeated attempts to access the password file.

It just made sense to attempt to do a compare of the user's current system
password and fail that password for sudo should a user attempt to use it.
Forcing the user to pick a new password that is in a separate database from
the regular password file gives a small comfort zone that before was not
able to be used with regard to sudo.

If anyone has any ideas or documentation dealing with this subject I'd be
most appreciative for pointing me in the correct direction.  I don't really
like having the only way to gain access to the systems with RSA keypairs,
but thus far it seemed like the most logical solution to the problem I was
having.  I mean it's not completely safe either way.  But the lack of plaintext
passwords was the best alternative to my concerns about sudo access.

Thanks in advance..

Rob Andrews
http://cyberpunkz.org/

