lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 26 Jan 2007 09:36:11 +0100
From: Baptiste Malguy <baptiste.malguy@...easynet.net>
Cc: "K F (lists)" <kf_lists@...italmunition.com>,
	bugtraq@...urityfocus.com
Subject: Re: Remove all admin->root authorization prompts from OSX

Hello,

About sudo in particular.

* You can force for a prompt (5mn by default on Mac OSX,) adding a line
such as the following in /etc/sudoers (using the visudo command):
  Defaults        timestamp_timeout = 0

* By default users do not authenticate on a per-tty basis. You can
enforce it with the following option:
  Defaults        tty_tickets

The last is activated by default on GNU/Linux distro Ubuntu. The reading
of the sudoers manual page is a very interesting.

Regards,

-- 
Baptiste MALGUY - System Engineer                           EASYNET
PGP Fingerprint: 49B0 4F6E 4AA8 B149 B2DF  9267 0F65 6C1C C473 6EC2
www.easynet.com - phone: +33 1 44 54 70 00 - fax: +33 1 44 54 70 01

--

Marvin Simkin wrote:
> I respectfully disagree with this proposal and maybe we should discuss it.
> 
> Being a member of the admin group is NOT 100% equal to being root. Therefore when you switch from admin group to uid=0 you are escalating privileges. A trojan that gets control of an admin's session should not be able to escalate itself to root without a password prompt, which requires a human to decide (rightly or wrongly...) yes I do want to increase the authority of this process.
> 
> Sure, an admin should be smart enough not to get trojaned, but what if they do anyway?
> 
> Maybe a cracker could write a trojan that esclates itself using the powers of the admin group, but why make it easier for those who don't know how?
> 
> The myth that it should be easy for uneducated users to expose their computers to harm is one reason why certain other GUI platforms have so many security problems.
> 
> 
> host:/tmp1 sysmsimkin$ id
> uid=505(sysmsimkin) gid=505(sysmsimkin) groups=505(sysmsimkin), 81(appserveradm), 79(appserverusr), 80(admin)
> host:/tmp1 sysmsimkin$ ls -ld /tmp1
> drwxr-xr-x   3 501  admin  102 Jun 28  2006 /tmp1
> host:/tmp1 sysmsimkin$ mkdir /tmp1/tmp2
> mkdir: /tmp1/tmp2: Permission denied
> host:/tmp1 sysmsimkin$ /usr/bin/sudo /bin/bash
> Password:
> host:/tmp1 root# mkdir /tmp1/tmp2
> host:/tmp1 root# ls -ld /tmp1/tmp2
> drwxr-xr-x   2 root  admin  68 Jan 25 11:20 /tmp1/tmp2
> host:/tmp1 root# exit
> host:/tmp1 sysmsimkin$ rmdir /tmp1/tmp2
> rmdir: /tmp1/tmp2: Permission denied
> host:/tmp1 sysmsimkin$ /usr/bin/sudo /bin/bash
> host:/tmp1 root# rmdir /tmp1/tmp2
> host:/tmp1 root# exit
> host:/tmp1 sysmsimkin$ 
> 
> More interesting (to me) why wasn't I prompted for a password the second time? (Yes I know it was designed that way, I'm asking was that the right decision.) Presumably there is a window of vulnerability for a few minutes AFTER you have been root during which you could fall victim to a trojan.






Download attachment "signature.asc" of type "application/pgp-signature" (545 bytes)

Powered by blists - more mailing lists