Re: sudo without password



On Wed, 2006-07-06 at 02:04 -0400, Scott Kitterman wrote:

Note that doing this is a very bad idea from a security standpoint....



And none of this makes the slightest difference to the well-being of the
single most important stuff on your computer: Your own files.



So.............. a 'very bad idea from a security standpoint'... hardly.



This is a point that seems to be missed in the UNIX community a lot: the
vast majority of computer users no longer run on time-shared, multi-user
systems. "Security" is "me and my files" not "my system because if it
goes down hundreds of others are inconvenienced".



It's a different world. UNIX will catch up sometime.



If I screw up and make my data available to someone, that hurts me.



And that is the most common security exploit even under Windows. You
lose your data. We just hear about the other ones more because a)
they're the scary ones and sensationalism always wins out over numbers
and b) they're the ones that we're more likely to see in the wild when
they hit (by their very nature).


If I screw up and compromise my machine and give it over to some
spammer/phisher/[insert favorite net crime here], then I've hurt the entire
internet.


How nicely full of hubris. "My little laptop will bring down the
Internet."

Tragically, however, the worst attacks ever only brought down a part of
the Internet for small periods of time (relatively speaking).


It's a different world. UNIX was designed for it.


UNIX was designed long before there was an Internet. And its security
model shows it. (Sudo is an afterthought, not the primary model.) A
modern security model would be capabilities-based -- you know, two
generations of security architecture past what UNIX was designed with.

--
Michael T. Richter
Email: ttmrichter@xxxxxxxxx, mtr1966@xxxxxxxxxx
MSN: ttmrichter@xxxxxxxxxxx, mtr1966@xxxxxxxxxxx; YIM:
michael_richter_1966; AIM: YanJiahua1966; ICQ: 241960658; Jabber:
mtr1966@xxxxxxxxx

"My paramount object in this struggle is to save the Union, and is not
either to save or to destroy slavery." --Abraham Lincoln


--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

