On Tue, 11 Apr 2017 at 12:55:37 +0100
KatolaZ <katolaz@???> wrote:

> On Tue, Apr 11, 2017 at 01:34:19PM +0200, Alessandro Selli wrote:
>
> [cut]
>
> > One cannot avoid using at least once his own password at the start of
> > the session, so this password cannot be completely secured when operating
> > in an open or unprotected environment. If need arises to perform, in
> > that same environment, a task that requires root privileges, then sudo is
> > the easiest way to perform that task without exposing the superuser's
> > password at all.
> >
>
> OK, but you would agree that, if you find yourself in such an
> "unprotected enviroment", there is not much difference between typing
> the root password and typing the password of a user who can become
> root by "sudo su".

No, I do not agree. There is in fact a big difference: would someone gain
knowledge of your unpriviledged user's password, then would attackers
manage to have a shell access to your PC they whould only be able to do what
you can do and what you configured sudo to let your user do. Gaining knowledge
of the superser's password allows unrestricted access to all the systems'
resources after a shell is obtained.

> No automagic can replace a reasonable behaviour, especially when it
> comes to security.

Of course. I do state anyway that sudo is inherently more secure than su.

> The worst aspect of sudo is that it has deluded
> users in thinking that the sudo-way is "more secure".

Again, every useful security tool can be misconfigured and abused into a
security hazard. ssh can be, PAM can be, LDAP can be, SSL/TLS can be,
Kerberos can be, SUID is, Linux Capabilities can be, ACL can be and so on and
on. This is however just a pretext when arguing against the use of these
tools.




--
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarattha@???
Chiavi PGP/GPG keys: B7FD89FD, 4A904FD9