Penguin
Recent Changes

Differences between version 5 and predecessor to the previous major change of SudoHowto.

Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History

Newer page: version 5 Last edited on Friday, August 26, 2005 11:40:57 am by SimonBridge Revert
Older page: version 3 Last edited on Tuesday, June 28, 2005 3:12:02 am by AristotlePagaltzis Revert
@@ -35,4 +35,54 @@
 <verbatim> 
  #3) With great power comes great responsibility. 
 </verbatim> 
 Gold! 
+  
+!!! Common Misconceptions About sudo(1) and Security  
+Since it's inception, the possibility that providing SuperUser access on a normal user password could represent a security hole has tickled the imagination of [hacker | http://wiki.linux.net.nz/Hacker] and user alike. While there have been special cases of misusing sudo(1) so as to circumvent network security, security bullitins like [ this | http://www.securiteam.com/unixfocus/3Y5QCR5N5O.html] would eem to make more of the issue than there is. The purpose of this section is to clear up misconceptions that commonly occur about the use of sudo(1) in practise. Hopefully, this will allow sysadmins and users, concerned about security, to direct their energies to more serious issues.  
+  
+<b>"sudo(1) allows unverified SuperUser access to a normal user"</b> (This is <i>not</i> true.)  
+This misconception comes from a misreading of the sudo(1) man page. One understands that after first invoking sudo(1), one no longer need enter a password for future uses (within a time limit). One also understands that the user access has been upgraded for the duration of this time limit. This leads to the following possible uses coming tomind:  
+  
+<b>example 1:</b>  
+<verbatim>  
+$ sudo iptables -L  
+password:  
+<iptables information>  
+... time, less than 5 mins, passes ...  
+$ iptables -L  
+<iptables information>  
+</verbatim>  
+  
+<b>example 2:</b>  
+<verbatim>  
+$ sudo iptables -L  
+password:  
+<iptables information>  
+... time, less than 5 mins, passes ...  
+$ sudo mount <some file system at some mountpoint>  
+<mount complete without password or error>  
+</verbatim>  
+  
+If either of these examples seem reasonable to you, then you have been taken in by this common and subtle misconception. You are encouraged to try these out. (Note: Superuser access in not required to mount(2) a filesystem, provided it is entered in fstab(5) with the "user" option.)  
+  
+In example 1, the second invokation of iptables(8) would fail. To execute this command without requiring a password requores the user enter <tt>sudo iptables -L</tt>.  
+  
+In example 2, the invokation of <tt>mount</tt> would still require a password - even though sudo has already been invoked and verified within the "magic" 5 min time frame.  
+  
+<b>Sudo does not grant SuperUser access to any user.</b> The access is granted to a <i>single command</i> only. Only that one command can be subsequently sudoed without a password, and only by the original invoking user. So the following example shows the correct behavior:  
+  
+<b>example 3:</b>  
+<verbatim>  
+$ sudo whoami  
+password:  
+root  
+$ whoami  
+user  
+$ sudo whoami  
+root  
+$ sudo whereis sudo  
+password:  
+sudo: /usr/bin/sudo /usr/share/man/man8/sudo.8.gz  
+</verbatim>  
+  
+The first invokation of sudo(1) for the whoami(1) command required a password. Invoking whoami(1) without sudo(1) shows that you are still a normal user. Future invokations of sudo(1) do not require a password for the command "<tt>whoami</tt>". Attempting to sudo(1) any <i>other</i> command still requires a password. (note: <tt>whereis</tt> does not need root to be used, but sudo(1) requires verification anyway: it is not verifying your right to use the command, but your right to use sudo(1).)