
Differences between version 6 and revision by previous author of SudoHowto.


Newer page: version 6 Last edited on Friday, August 26, 2005 2:09:38 pm by CraigBox
Older page: version 5 Last edited on Friday, August 26, 2005 11:40:57 am by SimonBridge
@@ -37,9 +37,9 @@
 </verbatim> 
 Gold! 
  
 !!! Common Misconceptions About sudo(1) and Security 
-Since it's inception, the possibility that providing SuperUser access on a normal user password could represent a security hole has tickled the imagination of [hacker | http://wiki.linux.net.nz/ Hacker] and user alike. While there have been special cases of misusing sudo(1) so as to circumvent network security, security bullitins like [ this | http://www.securiteam.com/unixfocus/3Y5QCR5N5O.html] would eem to make more of the issue than there is. The purpose of this section is to clear up misconceptions that commonly occur about the use of sudo(1) in practise. Hopefully, this will allow sysadmins and users, concerned about security, to direct their energies to more serious issues. 
+Since it's inception, the possibility that providing SuperUser access on a normal user password could represent a security hole has tickled the imagination of [hacker|Hacker] and user alike. While there have been special cases of misusing sudo(1) so as to circumvent network security, security bullitins like [ this | http://www.securiteam.com/unixfocus/3Y5QCR5N5O.html] would eem to make more of the issue than there is. The purpose of this section is to clear up misconceptions that commonly occur about the use of sudo(1) in practise. Hopefully, this will allow sysadmins and users, concerned about security, to direct their energies to more serious issues. 
  
 <b>"sudo(1) allows unverified SuperUser access to a normal user"</b> (This is <i>not</i> true.) 
 This misconception comes from a misreading of the sudo(1) man page. One understands that after first invoking sudo(1), one no longer need enter a password for future uses (within a time limit). One also understands that the user access has been upgraded for the duration of this time limit. This leads to the following possible uses coming tomind:
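
Review bot: The added paragraph line still carries the old revision's typos, and since this edit rewrites the line anyway they should be fixed in the same revision: "it's inception" should be "its inception", "bullitins" should be "bulletins", and "eem" should be "seem". The new internal link is written `[hacker|Hacker]` while the securiteam link on the same line keeps the padded `[ this | ...]` form; use one spacing style for both. The trailing context line also ends in "tomind:", which should read "to mind:" and is worth a follow-up edit.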