sudo – bane or benefit?

The commonly requested tool sudo is often maligned by younger administrators and venerated by older administrators.

But how much security does sudo actually provide? How useful is it really?

Running sudo gives you some benefits – so one hears:

  • Using sudo records everything someone does as root.
  • Using sudo prevents a user from running continually as root, preventing errors.
  • Using sudo prevents a user from having to know the root password.
  • Using sudo prevents a user from executing anything they are not permitted to.

The problem is that sudo does none of these things very well.

Sudo does indeed record everything one does as root. How does this increase our security? How does this prevent a hacker from compromising a system?

The answer is it doesn’t; recording what someone is doing through this method provides no security at all. A hacker will not use sudo; a regular admin who is using sudo can just use sudo ksh to get a shell that will do what they want. In this way, sudo is merely security through obscurity: if you don’t know how to bypass it, you’ll be recorded. Sudo is like a security camera, watching what you are doing.

Certainly, if you are using sudo, you are not continually running as root – and this is indeed a benefit – and perhaps the primary one. However, there are many things that must be done that cannot be done with sudo. Changing into a restricted directory is just one of them.

It is also true that a user using sudo does not have to know the root password; this also can be a benefit. However, ssh should already be in use and can serve this purpose even better: using an individual’s key, that individual can be granted rights to the root account without knowing the root password – and those rights can be revoked at will.

The last item is the most dangerous: that using sudo, users can be completely limited in what they can do. The best example of how this can be abused is the attempt of some to prevent the running of a shell by a sudo user. No matter what the sudo file says, one can always do this:

$ cd /bin
$ cp ksh ~/bugbear
$ chmod 700 ~/bugbear
$ sudo ~/bugbear

Instant root shell for anyone with sudo access, regardless of the restrictions in the sudo file. This can be done for any program: as long as the user can read the file, it can be copied under a different name and run elsewhere – and if the file can’t be read, it can’t be run.
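The copy above succeeds whenever the copied path is still covered by the user's rule, which is the case for rules that grant ALL and then exclude shells by path. As an added example (not from the original post), this function reads sudoers-style text and flags that pattern, along with grants that name a shell directly and unrestricted grants; the sample rules and user names are constructed.

```sh
# Added example, not from the original post. Reads sudoers-style rules on
# stdin and prints "<line>: <FINDING> <advice>" for grants that need review.
audit_sudoers() {
    awk '
    /^[ \t]*(#|$)/ || /^(Defaults|[A-Za-z]+_Alias)/ || !/=/ { next }
    {
        spec = $0
        sub(/^[^=]*=/, "", spec)          # drop "user host ="
        gsub(/\([^)]*\)/, "", spec)       # drop (runas) specifications
        gsub(/[A-Z_]+:/, "", spec)        # drop tags such as NOPASSWD:
        n = split(spec, item, ",")
        all = neg = shell = 0
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", item[i])
            if (item[i] == "ALL") all = 1
            else if (item[i] ~ /^!/) neg = 1
            else if (item[i] ~ /\/(sh|ksh|bash|zsh|csh|tcsh|dash)$/) shell = 1
        }
        if (all && neg)
            print NR ": DENYLIST exclusions match by path only; list the permitted commands instead"
        else if (shell)
            print NR ": SHELL a shell is an allowed command; this grant is a root shell"
        else if (all)
            print NR ": FULL unrestricted grant; treat this account as root"
    }'
}

# Constructed sample rules; the user names and commands are made up.
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults env_reset
alice ALL = (ALL) ALL, !/bin/ksh, !/bin/sh
bob   ALL = (root) NOPASSWD: /usr/bin/systemctl restart httpd
carol ALL = (root) /bin/ksh
dave  ALL = (ALL) ALL
EOF
}

sample_sudoers | audit_sudoers
```

To check a real file, feed it on stdin, for example `audit_sudoers < /etc/sudoers` run as root.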

So what are the answers? There are several that, when taken together, will do what sudo wants to do but better:

  • Use SSH. Using ssh one can limit a user to a specific command, and prevent the user from knowing the root password.
  • Use rksh. This may be too restrictive, but can permit users to execute only certain commands appointed by the administrator.
  • Use a chroot jail (or better yet, a BSD jail). Again, this may be too restrictive for most, but will permit a user to only do what is allowed – on a much more restrictive basis than rksh.
  • Use an auditing shell. Ksh93 provides this capability – though there may be a reason that this specific capability is not in the standard ksh supported on today’s systems. Using an auditing shell, every command from every user, including system administrators, is logged and retained – possibly to another system on the network. Here is a good article on ksh93 auditing. I would posit, however, that if you can’t trust your system administrators then they shouldn’t be your system administrators: often auditing like this merely provides “a throat to choke.”

In particular, if you utilize the ssh public key encryption capabilities to their fullest with a logging ksh93 shell – and with a “captive” menu perhaps – you can provide the capabilities of sudo without the drawbacks. If you do use sudo, realize how serious its shortcomings are and be aware of them to increase your security elsewhere.
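One way to build the per-key command restriction and "captive" menu described above, as an added example that is not from the original post: a forced-command script bound to one key in authorized_keys, which maps a menu word to a fixed command and logs every request. The script path, the menu entries, the label "alice" and the key placeholder are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: forced-command gate for one SSH key.
# authorized_keys line on the server (key material is a placeholder; "alice" is
# a constructed label passed to the gate so the log names the key owner):
#   command="/usr/local/sbin/ssh-gate alice",restrict ssh-ed25519 <PUBLIC-KEY> alice
# Deleting that line revokes the access without touching any password.

# Map a menu word to a fixed command line. The table is an assumption; nothing
# the client sends is ever handed to a shell or used as an argument.
gate_lookup() {
    case "$1" in
        uptime)      echo "/usr/bin/uptime" ;;
        disk)        echo "/bin/df -k" ;;
        restart-web) echo "/usr/sbin/apachectl graceful" ;;
        *)           return 1 ;;
    esac
}

gate_main() {
    who=$1
    req=${SSH_ORIGINAL_COMMAND:-}
    # Replace non-printable bytes before logging client-supplied text.
    req_log=$(printf '%s' "$req" | tr -c '[:print:]' '?')
    if cmd=$(gate_lookup "$req"); then
        logger -t ssh-gate -p auth.info "user=$who from=${SSH_CONNECTION%% *} allow=$req_log"
        set -f            # fixed strings only: split on spaces, no globbing
        exec $cmd
    fi
    logger -t ssh-gate -p auth.notice "user=$who from=${SSH_CONNECTION%% *} deny=$req_log"
    echo "ssh-gate: request not permitted" >&2
    return 1
}

# sshd sets SSH_CONNECTION for every session; run the gate only in that case.
if [ -n "${SSH_CONNECTION:-}" ]; then
    gate_main "${1:-unknown}"
fi
```

With this in place, `ssh root@host disk` runs the mapped command, while any other request, including an interactive login, is refused and logged.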

Foreign Language Improvement

I’ve spoken on the benefits of improving your language skills: sharper mind, expanded technical resources, expanded knowledge, and a lot of other things.

I’ve recently discovered some ways to improve your foreign language online – and have fallen in love with one in particular: Livemocha.com.

This is not the only way – nor should it be – to learn a foreign language. You need to use all your resources. However, Livemocha.com does a good job of trying to do some of that and it helps you in every way it can.

They offer a place for language learners to learn from each other, and to practice speech and writing. There are courses – though they are mostly of the “memorize this vocabulary” type – but everything helps. Given the kind of courses they offer, these classes are very good at what they set out to do. Words and phrases are given to you in a number of ways and you must define them or create them in reply.

There are innumerable ways to assist others in learning your native tongue, and ways to get help.

You can determine who the serious and dedicated users are at a glance – the users are given points based on what they do on the site, and are given awards based on their work.

Try Livemocha.com today!

The real benefit of a password vault: security!

Using a password vault or a password safe can provide some ease and can simplify our lives nicely. However, what is the point of saving all these passwords when we can just type them in – or use Firefox or Opera to do it for us?

Let’s look at several and consider what they offer – and the hidden surprise that makes them most valuable. There are several that are worth considering depending on your environment – Apple’s Keychain, GNOME’s Keyring, KDE’s KWallet, KeePass and KeePassX, and Passpack. The first three belong to that set of tools that provide for password vaults that are unlocked when you log into your computer. As long as you are logged in – and perhaps only until the screen saver kicks in or you log out – these tools will be active and your passwords automatically available.

KeePassX is part of a small set of tools that provide this capability, though in a cross-platform way.

Lastly, Passpack is an online password vault which is easy to use and provides for exports to other systems like KeePassX and its ilk.

What is it that provides a surprisingly high level of security with the use of these vaults? Simply this:

You can generate random passwords of arbitrary length that you need not even try to remember.

This is very powerful. Passwords no longer need to be memorized: so why try? The passwords can be generated by the associated password generator, and then copied or otherwise placed into the password field of whatever process is requesting authorization.

There is no pattern which makes it easier to crack – no combinations of words, numbers, etc. – just pure randomness (or as close as one can get on a non-random entity like a computer).

Once you have a tool like a password manager in place, you can use a different password – a random password – for every site and every location that a password is needed.
