Sudo considered harmful

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

MicrosoftInternetExplorer4

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:”Table Normal”;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:””;
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:”Calibri”,”sans-serif”;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:”Times New Roman”;
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}

Fresh
off the presses, but not covered by the mainstream press, we have a freshly-patched
vulnerability in Ubuntu Linux  sudo to
talk about.

CVE-2009-0034
 is a bug that affects versions 8.04 and
8.10 of the popular distribution,  but it
is also an object lesson on the inherent tension between security and
usability.

On
smost *nix systems, the administrator account, called root, has ultimate power
over, well, everything. Wielding that power is sometimes left to a select
group, called “wheel”, consisting of user accounts permitted to “take
on the mantle of authority”, so to speak, and switch from being their usual
selves , “mranderson” or “user278”, to being
“root” and issuing commands which can affect the whole system as
such.

To
do this, one needs to have a valid account with a password on that machine, to
know the password  to the root account,
to be in the “wheel” group and to know the magic words, which happen
to be “su root”. Pretty good security.

Now,
what sudo does is offer a convenient way to do stuff as if you were another
user, such as root, yet without switching personas. To use sudo, your account
needs to be listed in another special file, called “sudoers” and you
need to know the password to your own user account and the magic words, which
are “sudo <whatever you wanna do>”.

This
is very much like what Vista UAC does when you try to install trojans on your
new laptop.

The
sudoers file, in the default configuration, lists only accounts allowed to run
stuff with root privileges. Yet sudo can be configured, via the same file, to
allow user accounts to run programs with the privileges of other user accounts.

If
you were a diligent little admin using Ubuntu and you took advantage of this
feature to allow sally the remote user to sometimes print stuff by running the
printing stuff as a local user (since only local users are allowed to print
stuff in your highly secure system), well, sally could have used the the
vulnerable sudo to run stuff as root and do all sorts of nasty things like peek
in others’ e-mail (and if you angered her, she just might have).

Of
course, not using the dubious convenience offered by sudo would have spared you
the pain in the first place.