
OpenWall 3.0

Posted Dec 26, 2010 22:42 UTC (Sun) by Cyberax (✭ supporter ✭, #52523)
In reply to: OpenWall 3.0 by smoogen
Parent article: Linux capabilities support for user namespaces

I don't really understand all this setuidless craziness.

Sure, having setuid on 'ping' is crazy, but having setuid bit on 'sudo' is downright logical.



OpenWall 3.0

Posted Jan 6, 2011 17:01 UTC (Thu) by solardiz (guest, #35993)

Having sudo and allowing for the use of su to elevate privileges is downright illogical in most cases (on servers, which is what Openwall GNU/*/Linux is for). Here are some excerpts from past discussions on the topic:

http://www.openwall.com/lists/owl-users/2004/10/20/6
http://lwn.net/Articles/413891/
http://linux.slashdot.org/comments.pl?sid=1915256&cid...

The alternative to the su/sudo approach is direct root logins. And the solution to the accountability problem (with multiple sysadmins) is multiple root-privileged accounts (with a distinct naming convention for clarity).

Occasional exceptions do exist. In our experience, less than 10% of server systems would potentially benefit from sudo, and a safer approach can be used on those anyway: we generally prefer ssh forced commands - that is, command=... in authorized_keys - even if this is to be invoked by a local account on the system itself, such as by a support person who is not a "full" sysadmin.
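The forced-command setup mentioned above, as an added example that is not part of the post or of Owl: a dispatcher script that sshd runs instead of a shell, offering the support account a fixed menu of commands. The script path, the service name, the log path and the key are assumptions (placeholders), and the audit line goes to syslog via logger.

```shell
# Constructed authorized_keys entry for the support person's key (key material is a placeholder):
#   restrict,command="/usr/local/sbin/support-cmd" ssh-ed25519 AAAA...PLACEHOLDER support@example
# "restrict" disables pty, forwarding and agent; "command=" makes sshd run this script
# with the client's requested command in SSH_ORIGINAL_COMMAND instead of executing it.

# Map a requested menu item to the one fixed command it is allowed to run.
# Prints the command and returns 0 if allowed; returns 1 for anything else.
support_dispatch() {
    req="$1"
    case "$req" in
        service-status)   echo "systemctl status httpd --no-pager" ;;
        service-restart)  echo "systemctl restart httpd" ;;
        tail-log)         echo "tail -n 100 /var/log/httpd/error_log" ;;
        "")
            # No command given means the client asked for an interactive shell: refuse.
            echo "no shell here; send one of: service-status service-restart tail-log" >&2
            return 1 ;;
        *)
            echo "refused: $req" >&2
            return 1 ;;
    esac
}

# Run the dispatcher only when invoked by sshd as a forced command
# (SSH_CONNECTION is set by sshd), so the function can also be sourced and tested.
if [ -n "${SSH_CONNECTION:-}" ]; then
    cmd="$(support_dispatch "${SSH_ORIGINAL_COMMAND:-}")" || exit 1
    logger -t support-cmd "$(id -un) from ${SSH_CONNECTION%% *} ran: $cmd"
    # $cmd is one of the fixed strings above, so word splitting is intended here.
    set -- $cmd
    exec "$@"
fi
```

The client side then runs e.g. `ssh support@host service-status`; anything not on the menu, including a plain login, is refused and nothing else is reachable through that key.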

OpenWall 3.0

Posted Jan 6, 2011 17:15 UTC (Thu) by solardiz (guest, #35993)

As to the "setuidless craziness" in general, it makes more sense once you actually have no SUID programs(*) left on the system - like we do not on a default install of Owl 3.0. This mitigates the impact of potential vulnerabilities in parts of ld.so, libc, and the kernel. Relevant vulnerabilities in each one of these components have been discovered (and fixed) in the past, and more are to be introduced/discovered/fixed.

(*) ...nor any similarly-privileged-on-exec programs, such as with fscaps with a root-equivalent capability set. We do not use fscaps in Owl 3.0.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds