What's so secure about sudo?
Boruch Baum
boruch_baum at gmx.com
Tue Jun 18 10:07:32 IDT 2019
In addition to Omer's answer, it used to be common on large multi-user
systems to have the sudo use of each user logged, for accountability.
On 2019-06-18 09:23, Shlomo Solomon wrote:
> This has bothered me for years and I decided to "get it off my chest".
>
> For many years I used su to do administrative tasks, but "everyone"
> uses sudo and the claim is that it's more secure than actually logging
> in as root.
>
> In principal, of course, root login is not a good thing, but let's
> remember something I've never seen discussed. I would assume that on
> most systems the root password is MUCH more secure than that of a
> regular user. Now if I give user david sudo privileges, anyone who
> cracks david's (weak) password now has access to root privileges.
>
> And before anyone says that this is only a one-time authorization, what
> if the guy who cracked david's password now does:
> sudo passwd root
>
> So what's so secure about using sudo?
>
--
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1 7286 0036 9E45 1595 8BC0
More information about the Linux-il
mailing list