From owner-freebsd-security@FreeBSD.ORG Fri Aug 27 17:44:16 2010
From: Andy Kosela <andy.kosela@gmail.com>
To: freebsd-security@freebsd.org
Date: Fri, 27 Aug 2010 19:44:15 +0200
Subject: Re: tcpdump -z
In-Reply-To: <5d88fc9506514cabc7390e66a1f9872f@localhost>
References: <4C77A267.10102@thelostparadise.com> <5d88fc9506514cabc7390e66a1f9872f@localhost>
List-Id: "Security issues [members-only posting]" <freebsd-security@freebsd.org>

On Fri, Aug 27, 2010 at 6:20 PM, Aldis Berjoza wrote:
> On Fri, 27 Aug 2010 17:32:18 +0300, Marian Hettwer wrote:
>> In fact, I would suggest disabling root, so that su - doesn't work at
>> all.
>>
>> ./Marian
>
> Ye, and once sudo is broken (somehow, for whatever reason) you have lots of
> fun (especially on servers) :D

Yes. Sudo(8) also just adds another complexity level to a very crucial
UNIX authentication mechanism. I would say that if any of your users
need to run root-specific commands (including tcpdump(1)) then something
is not right, and it's only a matter of time before you have some
serious problems. I'm not even mentioning that sudo(8), like any other
binary in the system, is exploitable and has a history of security holes
(especially in the way it parses its configuration file).

Anyway, the discussion about including sudo(8) in the BASE comes back
here about every five years or so, but while the general consensus is
that a *correctly* configured sudo(8) is not that bad, it's not that
good either as a substitute for an overall solid security policy.

Andy