Quoth Damon Muller, > Quoth kmself@ix.netcom.com, > > I use a fairly liberal sudoers setting for my personal account. Yes, > > this means that I'm usually only a few keystrokes away from being > > root -- but that's what I'm after. And a password is still required. > > I'm of the same opinion with regard to sudo. Basically, if you're the > sort of person who never passes your password over the network in > plaintext (ie., ssh, apop, etc.), then it's unlikely someone will be > able to sniff your password. If an unpriveleged account is compromised, > chances are it will be without the password (ie., a buffer overrun in a > daemon running as something like nobody). Even if an attacker is able to > get a shell running as your user, they still don't have access to the > password file, and if they did, would have to decrypt your password. > > Without actually knowing your password, which sudo requires, having your > account *isn't* equivalent to having root. > > Of course, I might have missed something somewhere... Anyone?
Sorry for replying to myself, but I just realised that I did miss something... If someone can get a shell as your uid then they could change your path to insert a trojaned binary of sudo which could capture your password. Oh well, back to the ol' drawing board... :) cheers, damon -- Damon Muller | Did a large procession wave their torches Criminologist/Linux Geek | As my head fell in the basket, http://killfilter.com | And was everybody dancing on the casket... PGP (GnuPG): A136E829 | - TBMG, "Dead"
pgpJqLnRUX7Ke.pgp
Description: PGP signature