Full Disclosure mailing list archives
Re: Partial Solution to SUID Problems
From: Karl DeBisschop <kdebisschop () alert infoplease com>
Date: Sun, 07 Dec 2003 09:13:37 -0500
On Sun, 2003-12-07 at 03:28, Todd Burroughs wrote:
> > Sometimes, old and silly rules aren't just about security. The *real* reason for the "always su from a user account" rule isn't to stop exploits. It's so you have an audit trail of who did what.
>
> This is exactly why I need su. We have about 20 people with root access, only about 8 or 10 that regularly change things. You need an audit trail, we all make mistakes and it's a lot easier and faster (really important on a production system) if you find out who did it and talk to them.
You keep listing audits and account separation, but fail to mention 'sudo'. With sudo, you can have multiple root-privileged level accounts all with their own UIDs. Not only is the invocation of sudo logged, but the command issued is logged, so you may not even need to wake up the unfortunate sysadmin to find out how to fix it.

Plus, since sudo only elevates the privilege for one command at a time, you can safely open a browser as a normal user. We all have probably noticed that when logged on as root, most of your commands do not actually need root privileges -- each of those commands does constitute an attack vector, however.

Even better, you can restrict the escalation of the privileges so that some users have full access and others have, for example, only the right to restart or reload the web server.

If you are using su to co-manage a server, you may be a little behind the curve in this respect. I suggest looking at sudo.

--
Karl DeBisschop <kdebisschop () alert infoplease com>
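An added example, not part of the original message: a parser that turns the per-command sudo log entries the reply refers to into an audit trail of who ran what, with denied attempts kept separate. It assumes sudo's default syslog line format; the sample lines, host name, user names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in sudo's default syslog format; hosts, users, commands are made up.
SAMPLE_LOG = """\
Dec  7 03:11:09 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/apachectl graceful
Dec  7 03:14:52 web1 sudo:      bob : TTY=pts/2 ; PWD=/etc/httpd ; USER=root ; COMMAND=/bin/vi /etc/httpd/conf/httpd.conf
Dec  7 03:15:40 web1 sudo:    carol : command not allowed ; TTY=pts/3 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/sh
Dec  7 03:16:01 web1 sshd[812]: Accepted publickey for alice from 192.0.2.10 port 50412 ssh2
Dec  7 03:18:27 web1 sudo:      bob : TTY=pts/2 ; PWD=/etc/httpd ; USER=root ; COMMAND=/usr/sbin/apachectl restart
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo(?:\[\d+\])?:\s+"
    r"(?P<invoker>\S+) : (?P<fields>.*)$"
)

def parse_sudo_line(line):
    """Return one sudo event as a dict, or None for lines sudo did not write."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # COMMAND= is the last field and may contain " ; " itself, so cut it off first.
    head, sep, command = m["fields"].partition("COMMAND=")
    if not sep:
        return None
    ev = {"ts": m["ts"], "host": m["host"], "invoker": m["invoker"],
          "command": command, "denied": None}
    for part in filter(None, (p.strip() for p in head.split(" ; "))):
        key, eq, value = part.partition("=")
        if eq and key.isupper():
            ev["runas" if key == "USER" else key.lower()] = value
        else:
            ev["denied"] = part  # e.g. "command not allowed"
    return ev

def audit_trail(log_text):
    """Split the log into commands that ran (per invoking user) and denied attempts."""
    ran, denied = defaultdict(list), []
    for ev in filter(None, map(parse_sudo_line, log_text.splitlines())):
        if ev["denied"]:
            denied.append((ev["ts"], ev["invoker"], ev["command"]))
        else:
            ran[ev["invoker"]].append((ev["ts"], ev["command"]))
    return dict(ran), denied

def who_ran(log_text, needle):
    """Answer "who touched X?": executed commands whose text contains needle."""
    ran, _ = audit_trail(log_text)
    return sorted((ts, user, cmd) for user, cmds in ran.items()
                  for ts, cmd in cmds if needle in cmd)
```

The timestamps are compared as strings, which is enough within one day of one log file; syslog lines carry no year, so a trail spanning a month or year boundary needs real date parsing.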