
OpenSSH 8.0 released


Posted Apr 30, 2019 15:07 UTC (Tue) by nix (subscriber, #2304)
In reply to: OpenSSH 8.0 released by mbunkus
Parent article: OpenSSH 8.0 released

As soon as you grant a user sudo without a password to any program that can write to arbitrary files (rsync, tar, cp, sed, awk, tee, bash, Perl, Python, whatever), that account becomes root for all intents and purposes.
Not for all: the user is still protected from typos and accidents -- just not from malicious attackers executing code as the user.



OpenSSH 8.0 released

Posted Apr 30, 2019 15:14 UTC (Tue) by mbunkus (subscriber, #87248)

Sure, my statement was a bit too general. The original question was how to rsync root-owned stuff while root login via ssh is prohibited, and you do that in order to increase security, not in order to make typos less dangerous. My comment was therefore meant that the two accounts are almost equivalent wrt. security, especially regarding access from untrusted sources.
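
An added example, not part of the thread and not code from sudo or OpenSSH: a small audit that reads sudoers text and reports every rule granting passwordless sudo for one of the programs listed in the comments above, which is the configuration the thread treats as nearly root-equivalent. The parser is a simplification (it skips `Defaults` and `#include` lines and does not resolve `User_Alias` or `Host_Alias`), and the sample sudoers content is constructed.

```python
import re

# Programs the thread names as able to write arbitrary files; extend the set as needed.
WRITE_CAPABLE = {"rsync", "tar", "cp", "sed", "awk", "tee", "bash", "perl", "python"}

def audit_sudoers(text):
    """Return (who, command) pairs where NOPASSWD covers a write-capable program or ALL."""
    text = re.sub(r"\\\n", " ", text)  # join backslash-continued lines
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith(("#", "Defaults"))]
    aliases, findings = {}, []
    for line in lines:  # pass 1: collect Cmnd_Alias definitions
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    for line in lines:  # pass 2: user specs "who host = [(runas)] [TAG:] cmd, ..."
        m = re.match(r"(\S+)\s+[^=]+=\s*(.+)", line)
        if not m or re.match(r"\w+_Alias\b", line):
            continue
        who, spec = m.group(1), re.sub(r"\([^)]*\)", "", m.group(2))  # drop Runas specs
        nopasswd = False  # tags are sticky across the comma-separated command list
        for item in spec.split(","):
            item = item.strip()
            while (tag := re.match(r"([A-Z_]+):\s*", item)):
                if tag.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag.group(1) == "NOPASSWD"
                item = item[tag.end():]
            if not nopasswd or not item or item.startswith("!"):
                continue
            for cmd in aliases.get(item, [item]):
                # /usr/bin/python3.11 -> python, so versioned interpreters still match
                name = re.sub(r"[\d.]+$", "", cmd.split()[0].rsplit("/", 1)[-1])
                if cmd == "ALL" or name in WRITE_CAPABLE:
                    findings.append((who, cmd))
    return findings

# Constructed sample input, not taken from any real host.
SAMPLE = """\
Cmnd_Alias BACKUP = /usr/bin/rsync, /bin/tar
backup  ALL=(root) NOPASSWD: BACKUP
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart app, \\
                   /usr/bin/python3
alice   ALL=(ALL) /usr/bin/tee
%ops    ALL=(root) NOPASSWD: /usr/bin/less, PASSWD: /bin/cp
"""

if __name__ == "__main__":
    for who, cmd in audit_sudoers(SAMPLE):
        print(f"{who}: passwordless sudo for {cmd}")
```

The `alice` and `/bin/cp` entries are not reported because they still require a password, which is the distinction the first comment draws.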


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds