sudo makes no sense : linuxsucks

[–] [email protected] 6 points 1 day ago (1 children)

Yea, I don't think you understand what you're saying. Security is not a binary thing - it's layered. And your user is not, in fact, authorised to do pretty much anything outside your homedir.

[–] [email protected] 0 points 1 day ago (1 children)

If the user is in the sudoers file, they are authorized to do the things configured there.
Which is obvious when they can do the thing after entering their own password.

But since they already entered the same password at login, and are still logged in, there's no point in entering the same password one more time.
If that's your idea for security, you might as well pop up another password prompt every half hour to check that the same person is still on the PC.

The argument "a password prompt tells the user to stop and think" is wrong. That's not what a password prompt's purpose is.
For that, you can pop up a confirmation dialog, or even a text box where they have to type in "yes".
Using a password for anything other than proving the correct user is at the keyboard makes it less secure.

This is why Active Directory and Kerberos are so great. You log in once in the morning, and that's it.
And since you only have to type in your password once before work, it can be really secure and long.
Also, the chance of someone standing behind you while you type it is reduced.

[–] [email protected] 2 points 1 day ago

If the user is in the sudoers file, they are authorized to do the things configured there.

Correct. But the thing configured there is "to act on behalf of root for these items", not the "things" themselves.

Which is obvious when they can do the thing after entering their own password.

$ touch file1
$ sudo touch file2
$ ls -l file{1,2}
-rw------- 1 illecors   illecors   0 Nov 12 14:56 file1
-rw------- 1 root       root       0 Nov 12 14:56 file2

It is not you executing stuff with sudo. file1 is owned by you, but file2 is owned by root.

But since they already entered the same password at login, and are still logged in, there’s no point in entering the same password one more time.

There is a point. See above.

The argument “a password prompt tells the user to stop and think” is wrong.

That's not an argument I've made, nor make.

For that, you can pop up a confirmation dialog, or even a text box where they have to type in “yes”.

Both of which are much easier to defeat than a pop up confirmation dialog with a text box for your password.

Using a password for anything other than proving the correct user is at the keyboard makes it less secure.

No it doesn't - you seem to be making things up to justify your lack of understanding. Authentication is not the same as authorisation, nor should it be treated the same way.

When you type in your password on a login prompt - you authenticate who you are.

When you type in your password on a sudo prompt - you authorise a command to be carried out on behalf of root.

This is why Active Directory and Kerberos are so great. You log in once in the morning, and that’s it.

I'm not sure you realise how little you do on a windows machine. Good luck installing system software or altering system files on an AD managed Windows machine without authorisation. Which is what your meme(?) is implying.

And since you only have to type in your password once before work, it can be really secure and long.

There is no justification here, just a manufactured statement.

Also, the chance of someone standing behind you while you type it is reduced.

See above.

[–] [email protected] 1 points 1 day ago

You want su. sudo is something else. It doesn't do things the way you want them to be done. The way it does things is correct for its use cases. You don't want to see that. So just fucking use su and leave us alone.

[–] [email protected] 5 points 2 days ago

You are not the only one able to execute code under your user's name. A normally installed program, running under your directive as user, can run other commands under your authority as user.

But it can't run as root. You can run things as root via sudo, when you prove your identity as yourself - with the password - rather than another program operating in your name.

Passwordless sudo I think could be exploited e.g. by writing a script and passing it to bash.

(Or, as another reply pointed out, it provides a barrier against moderate malice of a passer-by or a 'friend' temporarily using your computer.)

[–] [email protected] 4 points 2 days ago* (last edited 2 days ago)

Should be called medo

vim ~/.bashrc
alias medo=sudo
:wq

[+] [email protected] -10 points 2 days ago* (last edited 2 days ago) (1 children)

Either I have the right to perform the operation, or I don't.
If I don't, ask me for the password of someone who does.
If I do, ask me if I really want to elevate, but don't make me jump through hoops.
A prompt for my own password is nonsensical at this point.
And it reduces security, cause users choose a simpler password if they have to type it more often.

[–] [email protected] 14 points 2 days ago (2 children)

The prompt for your password is to prevent someone that happens upon your unlocked computer to take it over. Also I think knowing which commands can be run as superuser by a given user is considered a security issue, hiding that info behind a password prompt should at least help.

You can turn just turn the prompt off by adding NOPASSWD to your account in the sudoers file(s).

[–] superfes 12 points 2 days ago (1 children)

Pro-tip: Don't turn off the password requirement.

[+] [email protected] -7 points 2 days ago* (last edited 2 days ago) (2 children)

When someone has physical access to my unlocked computer, everything is already lost.
Then they have access to all my private files, and the system has to be considered as compromised.

And I know I can turn it off. But the standard that most distros use out of the box asks an already authenticated user to authenticate with the same method again.
Which is a security issue and a usability nightmare. Ideally, you should be prompted for your password so little that you can make it a long passphrase.

[–] [email protected] 2 points 2 days ago (1 children)

yk you can change that in the sudoers file tho right?
you can make it ask for the root user's password for elevation .... or even make it passwordless but that's a bad idea

[–] [email protected] 0 points 2 days ago (1 children)

Yes, I know. Everything can be configured differently.
But when the defaults are bad and you have a fleet of VMs to manage instead of just one laptop running Firefox, then it sucks.

[–] [email protected] 2 points 1 day ago* (last edited 1 day ago) (2 children)

You might be interested to know, there are tools for managing fleets of hardware and virtual machines.

You seem to think it's a bad thing. The rest of the industry understands and benefits from it.

Sudo is a useful solution that Microsoft is working to build into Windows.

https://learn.microsoft.com/en-us/windows/sudo/

[–] [email protected] 1 points 17 hours ago

also, nix :3

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago) (1 children)

Because sudo elevates the targeted process to run with administrator-level permission, a prompt will open asking you to verify that you want to continue.

So, Microsoft is explicitely not doing the thing I have issues with in Linux's default sudo implementation.
It asks you for confirmation. It does not ask you for your password.
Because when you're logged in, the system already knows you know that password and doesn't need to ask for it again.

[–] [email protected] 1 points 1 day ago (2 children)

As it's been pointed out in this thread, you can reduce the security of your system by modifying the configuration file and adding the string that makes it perform similarly.

The windows implementation also is able to be used in the exact same configuration as sudo's more secure default configuration, on most distributions.

Windows doesn't pick the most secure configuration for a lot of things out of the box.

They're working on improving the security and balancing against making it useful for those who refuse to learn new practices.

I didn't see it mentioned, but several Linux distributions are configured exactly as you prefer. They aren't typically meant as enterprise implementations when configured like that.

You seem to be ranting that it's not set to your preferred less secure preferences or that you won't add a string to a configuration file to reduce the security.

It's your system set it how you like or adapt.

[–] [email protected] 1 points 17 hours ago* (last edited 17 hours ago) (1 children)

Windows is technically almost as secure though , since the confirmation prompt is displayed on a virtual desktop that even already elevated processes need extra privileges to access... still wont protect against someone else doing stuff on your computer tho

[–] [email protected] 1 points 16 hours ago

There are methods to use libraries to click that or completely silence it. If a user can escalate so can code that is run in their user space.

One example they claim to be a non issue, in link below. I searched "rce bypass windows uac"... I found lot of discussion on it, even some git repos.

https://www.darkreading.com/vulnerabilities-threats/exploit-chain-windows-uac-bypass

[–] [email protected] 1 points 1 day ago (1 children)

No, I'm ranting that the way Windows does it by default is more secure.
Overusing password prompts when they aren't actually necessary leads to users choosing fast-to-type passwords.
That's almost always just 1-2 common words with the first letter capitalized, a special character and a 1 at the end.
Which satisfies almost every org's PW requirements, while being absolutely useless.

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago) (1 children)

Ok. Thanks for expressing an opinion.

Here another opinion based on a lot of experiences and other experts.

You're wrong.

Yours is not an opinion that is shared by the community at large.

It's not a practice used at large enterprises that implement increased security* and remove local administrative access on user systems.

It's not a practice used in secure computing environments.

It's not supported by a basic search with the terms "entering sudo password less secure".

As a point you've made that is supported by research, passwords aren't the best solution.

No solution is perfect, passkeys are an option that are being implemented in a lot of places. You can implement that currently if you have the impetus.

Security is a balancing act. You're welcome to disable the password prompt for sudo usage on your systems.

What experience and expertise is grounding your opinion on this matter?

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago) (1 children)

What experience and expertise is grounding your opinion on this matter?

I'm Citrix admin at a newspaper where security is locked down tight.
And I feel like you're still misunderstanding my point. Of course, enterprises with increased security do not grant users admin rights with the push of an OK button.
They don't grant them at all.

But the admins at my org authenticate once when they log in (with a password, certificate and second factor).
And they may have to ask for or enable temporarily raised rights for some tasks.
But they do not have to enter their same login password again when they do that. Because there just isn't an attack vector that this would protect against.
Instead, an entirely different login with different password is used, to harden the system against a successful attacker's lateral movement.

[–] [email protected] 2 points 1 day ago (1 children)

Everything you described is possible using sudo, when configured as desired.

Everything you've described is NOT default configuration in Citrix or Windows. I.e. removing local administrative accounts, domain admin accounts with limited permissions and rotating automatically resetting passwords, etc.

I've worked for several enterprises that require UAC password for elevation every time it's needed as the person with elevated permissions (someone who's smarter than the average user) isn't expected to write down their passwords in accessible spaces.

Most enterprises are using third party products to manage the same structure you've described.

You're describing how a lot of enterprises are managing authentication when handled by a person. Not out of the box configuration.

Again, it's a situation that is customized to the usage scenario. What people have suggested you do with your Linux systems.

As noted previously you can configure sudo as desired by the enterprise.

[–] [email protected] 1 points 1 day ago (1 children)

I actually didn't know that elevation with UAC is a thing in (Windows) enterprise, and am still unsure what attack vector it protects against.
But I do see that it seems to make sense to people more knowledgable than me now.

Thanks for the great interaction, by the way.

[–] [email protected] 2 points 1 day ago (1 children)

I actually didn’t know that elevation with UAC is a thing in (Windows) enterprise, and am still unsure what attack vector it protects against.

There are some paranoid environments, and some feel there is a lot to be paranoid about.

But I do see that it seems to make sense to people more knowledgable than me now.

I'm not claiming to know everything or to be more knowledgeable. I'm only hoping to persuade you that sudo has benefits, and should be configured for your needs and policies.

Thanks for the great interaction, by the way.

I'm glad we can interact peacefully. I hope you have a great day or night!

[–] [email protected] 1 points 1 day ago (1 children)

I hope you have a great day or night!

Actually, no. I just had an emergency alert in on-call service cause there were 3 failed login attempts on one of our fire-walled hosts. 😂

[–] [email protected] 2 points 1 day ago

Didn't mean to jinx you. 😂

[–] [email protected] 0 points 2 days ago

to me all sudo features make absolutely sense (except for too loose wildcard handling), also from a security point of view. if you dislike how its 'default' settings for your distro are like, change them to your needs or seek a distro that fits your needs. other way is dont use sudo, login as root directly, nothing hinders you (maybe your distros default setup that does not assume root login, then you'ld have to give root a password maybe) or write your own sudo alike security system if you like.

if you dislike security at all, do everything directly as root (also web browsing), put nopasswd foe your user into your sudoers file or go to puppy linux (afair there is only the root user and thus no boundary between user and root) but as soon as you encounter any Problems related to user-was-also-root, you 'might' have wanted such features ... afterwards then ;-)

simple reasons to let the user input his password before running things with higher privileges:

trigger the user to start the brian activity called 'thinking' before beeing allowed to go on.
user uses a webbrowser that could be RCE'd by some webpage to execute a shell then running anything as root on your machine.

Linuxsucks