You are not logged in.
- Topics: Active | Unanswered
#1 2011-04-23 02:32:18
- xiaq
- Member
- From: somewhere in China...
- Registered: 2011-03-06
- Posts: 89
[solved]Potential security risk of having sudo without password on PC?
I have a laptop and I'm the only user. I wrote
%wheel ALL=(ALL) NOPASSWD: ALLin my /etc/sudoers when I became tired of typing my password every time I need to tweak my system. But, I'm worried about situations where malicious scripts could just run
sudo do something evilwithout me noting it. If I have sudo that requires password, the harm of such scripts would be considerably less. Am I correct at this point? Could anyone describe such a situation in detail?
I have a habit a locking my screen whenever I leave my laptop, and I don't have auto-login turned on, so my laptop is safe when I leave it just for a while. So mostly, I only care about risks of remote attacks (as opposite to attacks in the physical world).
Last edited by xiaq (2011-04-23 09:48:19)
Offline
#2 2011-04-23 02:44:25
- ngoonee
- Forum Fellow
- From: Between Thailand and Singapore
- Registered: 2009-03-17
- Posts: 7,356
Re: [solved]Potential security risk of having sudo without password on PC?
Physical security is normally the biggest issue. Remote attacks.... depends on the vectors you foresee. Networking based attacks shouldn't be an issue if you don't run ssh and similar.
Why not simply login using su - when doing system tweaking....
Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.
Offline
#3 2011-04-23 03:15:29
- xiaq
- Member
- From: somewhere in China...
- Registered: 2011-03-06
- Posts: 89
Re: [solved]Potential security risk of having sudo without password on PC?
Physical security is normally the biggest issue. Remote attacks.... depends on the vectors you foresee. Networking based attacks shouldn't be an issue if you don't run ssh and similar.
Why not simply login using su - when doing system tweaking....
Thanks, but what about the security flaws of web browsers? (I use Firefox.) Yeah, this is a somehow general question, but I'm especially curious about situations where browser's security flaws would enable malicious scripts to run sudo.
I prefer sudo because most of time I only have to sudo a command or two, and su in and out requires more keystrokes 
Another reason is that my shell environment relies heavily on .profile and .foorc files in my $HOME setting up a familiar interactive shell; to make things worse, they also call some other scripts in $HOME. I did try to symlink those files to /root but it turned out not very easy, so I decided to stick with sudo Point me out if sysadmins have had nice workarounds around this su problem.
PS. There doesn't seem to be BBCode for inline code. When I put [ code ] around some text it always gets split into a separate line...
Offline
#4 2011-04-23 04:01:39
- ngoonee
- Forum Fellow
- From: Between Thailand and Singapore
- Registered: 2009-03-17
- Posts: 7,356
Re: [solved]Potential security risk of having sudo without password on PC?
I simply symlink my favourite rc files to root. Using -m may help (this is only for environment variables though).
Actually, I'd personally find it beneficial to have a whole different set of rc files for root. For example a different vim colorscheme, so I can tell immediately whether I'm editing with root permissions.
But yes, this isn't very scalable for heavily customized situations of course.
I'm not very sure about browser-based security flaws, but does firefox (or any browser) allow a user shell access by default? Seems unlikely to me. It also seems unlikely that malicious scripts specifically target linux systems which have no sudo password. Of course, security by obscurity doesn't really work, but in this case it does seem reasonable (to me and my unimportant system).
Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.
Offline
#5 2011-04-23 04:02:58
- tavianator
- Member
- From: Waterloo, ON, Canada
- Registered: 2007-08-21
- Posts: 858
- Website
Re: [solved]Potential security risk of having sudo without password on PC?
Roughly speaking, any attack that achieves code execution (which is basically all important ones) has the ability to run "sudo rm -rf /" or worse. However, the odds that you even encounter a linux browser exploit in the wild are pretty low, and the odds that it assumes that you can wheel are even lower. Furthermore, on desktop PCs, most of the damage that can be done can be done as your user (corrupting your documents, etc.); I don't mind reinstalling or what have you, but I'd hate to lose some of my files.
From a puristic point of view though, being able to sudo without a password is equivalent to root access, so the only benefit to the privilege separation at that point is that typos are less likely to kill your whole computer. I personally don't even have sudo installed, and just use su.
Sudo can be configured to only ask for a password every few minutes I believe, and that may be ideal for you.
Offline
#6 2011-04-23 09:47:30
- xiaq
- Member
- From: somewhere in China...
- Registered: 2011-03-06
- Posts: 89
Re: [solved]Potential security risk of having sudo without password on PC?
Roughly speaking, any attack that achieves code execution (which is basically all important ones) has the ability to run "sudo rm -rf /" or worse. However, the odds that you even encounter a linux browser exploit in the wild are pretty low, and the odds that it assumes that you can wheel are even lower. Furthermore, on desktop PCs, most of the damage that can be done can be done as your user (corrupting your documents, etc.); I don't mind reinstalling or what have you, but I'd hate to lose some of my files.
From a puristic point of view though, being able to sudo without a password is equivalent to root access, so the only benefit to the privilege separation at that point is that typos are less likely to kill your whole computer. I personally don't even have sudo installed, and just use su.
Sudo can be configured to only ask for a password every few minutes I believe, and that may be ideal for you.
Thanks for the explanation. BTW I knew that sudo could be configured to ask the password every x minutes; I used to set x=30, but I grew even lazier since then
Offline
#7 2011-04-23 15:25:06
- ewaller
- Administrator
- From: Pasadena, CA
- Registered: 2009-07-13
- Posts: 19,789
Re: [solved]Potential security risk of having sudo without password on PC?
You can configure sudo on a command by command basis. If you were able to come up with a collection of commands for which you don't want to type a password, you could throw those in sudo configuration; while leaving out obscure or particularly dangerous commands that would still require a password.
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline