Sorry, I thought this thing with the moofed root accounts was bad, but I just
saw a reference to [sudo su -] WHAT!
That has to be the worst command in the scope of security.

You not only have a root account moofed so that the user has to rely on the
security of the sudo command without being able to verify the authentication
of the issuing authority other than the configuration of the command and that
is sudo.. but now it is added as a layer of switch user (su) which is
completely against the UNIX security model of never adding any layers to
account access.
Logic: every layer provides one more place for a security failure..

When I first tested the sudo command by compiling the source in 2006 and
found it to violate the UNIX standard security model I would have never
believed that not only would it become something people use..

When you look at commercial organizations which use secure systems you will
find that sudo is NEVER a command on those systems and there is a reason.
The keyword here is security. UNIX and GNU/Linux can be secure, but it can
also be insecure.. all it takes is poor configuration, programming and bad
commands to make it so. If people do not want to learn how to keep and use
secure systems, use Windows.. or even some device where the root authority is
embedded in a chip like a smart phone, so the ISP can get into the system.
The security designs are there because they have been working properly for
over 40 years, either adhere to proper security or plan on having a security
failure.

I do understand that they are trying to make UNIX/Linux administration more
user friendly so as to attract more users. And from that point I am all for
making systems more friendly. BUT!, Do not make systems friendly by making
them less secure.
http://www.sudo.ws/sudo/history.html