[886] in athena10
Re: [athena10] sudo
daemon@ATHENA.MIT.EDU (Mitchell E Berger)
Thu Jan 22 11:59:51 2009
Message-Id: <200901221659.n0MGxSEk009565@byte-me.mit.edu>
To: Greg Hudson <ghudson@MIT.EDU>
cc: Evan Broder <broder@MIT.EDU>, athena10@MIT.EDU
In-Reply-To: Your message of "Thu, 22 Jan 2009 11:43:25 EST."
<1232642605.6528.4.camel@ray>
Date: Thu, 22 Jan 2009 11:59:28 -0500
From: Mitchell E Berger <mitchb@MIT.EDU>

> 2. Passwordless sudo means you can get root (within a login chroot) if
> you take over the console session of another user, e.g. if someone
> leaves their session un-screensaved. It's not clear whether root access
> within a login chroot is more valuable to an attacker than a user's
> tickets and tokens are.

How is that different from the current state of affairs in Athena 9
where you can walk up to such a session and run 'su' with the well-known
root password (which will also be an available option in Athena 10)?
I don't think the passwordless sudo really adds any security concerns.

I worry a little about people using root access more than they mean
to (lots of web directions tell you to 'sudo make install' this or
that). But since it's a snapshot session anyhow, they're not going
to mess up more than their current login session, so that probably
doesn't matter either.

Mitch