Re: Regarding sudo
On Thu, 12 Jul 2007 08:05:17 -0500, John Hasler wrote:
<snip>

Any program can test the validity of a given password. That doesn't matter
because finding a valid password by trial and error would take a billion
years.

<snip>

Pardon me for butting in, but I only want to add one clarification to what
you have written above. Cracking a password by trial and error _can_ take
a long time, that is, if the password has been properly chosen. A password
that is not properly chosen might be easy to break, using a dictionary
attack, etc. There are guidelines online which explain how to choose a
difficult-to-crack password. The passwd program I have used must do some
checking before setting the password, because the message, "Warning, weak
password" will pop up if the password doesn't meet the requirements.

You also alluded to the 40 year history of the *nix system security,
which was designed with multiple users in mind from the beginning.

I have summarized a few of the key principles of *nix system security that
I have learned so far.

1. A normal user cannot damage the critical system files. Damage done by
users will be confined to their own files.

2. Sudo (and su users) should be educated to understand and follow good
security practices (have a good password, only use root "power" when
necessary, etc.) The root account is capable of causing great damage
to the system, including total destruction of the filesystem.

3. The *nix system protects critical system files from unauthorized access
by the non-root users of a system while the system is operating. The
file /etc/shadow has permissions which prevent simple users from reading
its contents, except for root. AIUI, the login service is started by root
at boot. That service reads /etc/shadow and uses it to authorize new users.

4. The system can deploy a network firewall to protect network services
from unauthorized access. Rate limited firewalls are useful in stopping
brute force attacks.

5. Prohibit simple password authentication via ssh. The public/private
keys used by ssh for certificate authentication are preferable to passing
passwords or password hashes over a network.

6. Protect system backups. The complete system backup may be vulnerable
to theft while it is in storage. For this reason, encrypting backups is a
good idea, IMO.
Again, this is not a comprehensive list, just some things that came to
mind, off the top of my head.

--
Douglas Mayne
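As an added example (not part of this post or the thread), here is a small POSIX shell audit that exercises three of the points above on sample files it builds itself: principle 3 (the shadow file must not be group- or world-readable), principle 5 (sshd must refuse password logins) and the "Warning, weak password" check from the first paragraph. It assumes GNU coreutils (`stat -c`, `mktemp -d`) and a POSIX awk; the file names, the three-word list and the helper names are constructed for illustration and are not from the thread.

```shell
#!/bin/sh
# Added example, not from the original post: a self-contained audit of three
# of the principles above, run against constructed sample files rather than
# the real /etc so it is safe to execute anywhere. Assumes GNU coreutils
# (`stat -c`, `mktemp -d`) and a POSIX awk.
set -eu

# Scratch directory holding the constructed samples; removed on exit.
SCRATCH=$(mktemp -d)
trap 'rm -rf "$SCRATCH"' EXIT

# Constructed stand-in for /etc/shadow with owner-only permissions (the good case).
GOOD_SHADOW="$SCRATCH/shadow.good"
printf 'root:*:19000:0:99999:7:::\n' > "$GOOD_SHADOW"
chmod 600 "$GOOD_SHADOW"

# Same content, but world-readable: the misconfiguration the check must catch.
BAD_SHADOW="$SCRATCH/shadow.bad"
cp "$GOOD_SHADOW" "$BAD_SHADOW"
chmod 644 "$BAD_SHADOW"

# Constructed sshd_config fragments: one that disables password logins, and one
# where the directive survives only as a comment, so sshd's default (yes) applies.
GOOD_SSHD="$SCRATCH/sshd_config.good"
printf '# hardened\nPubkeyAuthentication yes\nPasswordAuthentication no\n' > "$GOOD_SSHD"
BAD_SSHD="$SCRATCH/sshd_config.bad"
printf 'PubkeyAuthentication yes\n#PasswordAuthentication no\n' > "$BAD_SSHD"

# Constructed three-word list standing in for the wordlist a dictionary attack
# (or passwd's own strength check) would consult.
WORDLIST="$SCRATCH/words"
printf 'password\nletmein\nqwerty\n' > "$WORDLIST"

# Principle 3: the shadow file must carry no group or other permission bits.
# stat prints the mode in octal without a leading zero (e.g. 600, 644, 4755);
# the last two digits are the group and other bits, so both must be zero.
shadow_perms_ok() {
    mode=$(stat -c '%a' "$1")
    [ $(( mode % 100 )) -eq 0 ]
}

# Principle 5: password logins over ssh must be off. sshd uses the first value
# it reads for a keyword, keywords are case-insensitive, and the compiled-in
# default for PasswordAuthentication is yes, so a missing directive fails here.
sshd_password_auth_disabled() {
    value=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$1")
    [ "${value:-yes}" = "no" ]
}

# The "Warning, weak password" idea: flag anything shorter than eight characters
# or found verbatim in the wordlist. Returns 0 (true) when the password is weak.
password_is_weak() {
    pw=$1
    [ "${#pw}" -lt 8 ] && return 0
    grep -qxF -- "$pw" "$WORDLIST" && return 0
    return 1
}

# Run one check and print PASS/FAIL instead of aborting under set -e.
report() {
    label=$1; shift
    if "$@"; then echo "PASS: $label"; else echo "FAIL: $label"; fi
}

report "shadow.good is root-only"                 shadow_perms_ok "$GOOD_SHADOW"
report "shadow.bad is root-only"                  shadow_perms_ok "$BAD_SHADOW"
report "sshd_config.good refuses passwords"       sshd_password_auth_disabled "$GOOD_SSHD"
report "sshd_config.bad refuses passwords"        sshd_password_auth_disabled "$BAD_SSHD"
report "'qwerty' flagged weak"                    password_is_weak "qwerty"
report "'c0rrect-h0rse-battery' flagged weak"     password_is_weak "c0rrect-h0rse-battery"
```

Pointing the three functions at the real `/etc/shadow` and `/etc/ssh/sshd_config` turns this into a quick host check; note that it tests the permission bits rather than whether the current user can read the file, so it gives the same answer whether run as root or not.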