What's so secure about sudo?

What's so secure about sudo?

Rabin Yasharzadehe rabin at rabin.io
Tue Jun 18 17:20:24 IDT 2019 

* https://www.youtube.com/watch?v=o0purspHg-o
*
https://www.bsdcan.org/2014/schedule/attachments/283_2014-04-29%20sudo%20tutorial%20-%20bsdcan%202014.pdf


--
Rabin


On Tue, 18 Jun 2019 at 09:25, Shlomo Solomon <shlomo.solomon at gmail.com>
wrote:

> This has bothered me for years and I decided to "get it off my chest".
>
> For many years I used su to do administrative tasks, but "everyone"
> uses sudo and the claim is that it's more secure than actually logging
> in as root.
>
> In principal, of course, root login is not a good thing, but let's
> remember something I've never seen discussed. I would assume that on
> most systems the root password is MUCH more secure than that of a
> regular user. Now if I give user david sudo privileges, anyone who
> cracks david's (weak) password now has access to root privileges.
>
> And before anyone says that this is only a one-time authorization, what
> if the guy who cracked david's password now does:
>        sudo passwd root
>
> So what's so secure about using sudo?
>
> --
> Shlomo Solomon
> http://the-solomons.net
> Claws Mail 3.16.0 - Kubuntu 18.04
>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20190618/8f331c01/attachment.html>

More information about the Linux-il mailing list