Re: sudo in general, and not requiring password in particula…

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: George Toft via PLUG-discuss
Date:  
To: techlists, Main PLUG discussion list
CC: George Toft
Subject: Re: sudo in general, and not requiring password in particular (was Re: trouble adding my user to sudoers list)
Sorry, Kieth, I have bad news for you. You took a 30+ year leap
backwards in security.

I can tell you for certain, from my bank fraud analyst friend (just got
promoted to financial crimes investigator), checks are the second most
insecure way of transferring money, first being putting the money in the
envelope. They helped the USPS bust a fraud ring who worked in the Post
Office - fraudsters were pulling checks out of envelopes inside the
local Post Office. My friend pulled out all the details for the
Postmaster General.

ACH is free (for you) and secure and guaranteed by the originator as
they are on the hook to prove the identity of who initiated the
transaction and they have to pay. It's all very complicated, and I'm not
going into details here.

I use ACH all the time. My physical devices have multi-layer physical
protection. Logical access control is in-place. Both have multi-factor
authentication. Password resets require multi-factor authentication.

And the DoD is worse - their systems have so many layers, it was easier
to just let my account get deleted from lack of use and rebuilt it from
scratch. I have notes that tell me screen-by-screen what to put in each
box and which ones to ignore. It's so secure, legitimate users can't
even get in... and this is just my health insurance.

Where all of this can break down - getting on topic - is with the SSH
protocol and web proxies. When you connect to a website using HTTPS
using a web proxy, your web browser uses it's cert to set up the
connection, or so it thinks. What's really happening is the proxy is
responding to the request and decrypting the message, then it forms a
new request and sends it to the bank, which believes the proxy and sends
it back. Everything gets decrypted on the proxy, so whoever has admin
access to the proxy can see everything. Kinda like opening envelopes in
the mail room :) Disclaimer: This is what some networking guys told me
in a presentation about 10 years ago.

In summary, ACH is safe if you do it from home without a proxy. Of
course "safe" is relative, but it's safer than checks in the mail. Drop
into your bank and ask the branch manager, or call their customer
service and ask. They won't tell you checks are bad, but they will steer
you to ACH and tell you it's better. Break out the Rosetta Stone and
figure out what "better" means in corporate-speak. Banks are in it to
win it, and they don't offer something for free unless they are saving
money (cost avoidance) on the alternatives.

Regards,

George Toft

On 7/3/2024 6:21 AM, wrote:
> <scroll>
>
> On 2024-07-02 18:20, George Toft via PLUG-discuss wrote:
>> I work for a bank, and you would be amazed at how much security is
>> baked into the connecting your browser to their web servers. Makes
>> the NSA look like freshmen. And no, I'm not telling you who I work for.
>>
>> Regards,
>>
>> George Toft
>
> I'd like to hear more.  The world is a hostile place.  I recently went
> old school.  I asked the bank to disarm my online banking.  I now deal
> with paper statements and everything gets paid by check. Not as
> convenient as on-line banking, however I am hoping it makes my world a
> little bit more secure.
>
> What are your thoughts?
>
> Keith
>
>
>
>
>
>>
>> On 6/29/2024 5:19 PM, Keith Smith via PLUG-discuss wrote:
>>> Mike,
>>>
>>> The world is a hostile place.  The more precautions you take the
>>> better.  I cover the camera on my cellular phone while not in use. 
>>> I cover the camera that is built into my laptop while it is not in
>>> use.  I think on-line banking is dangerous.  At some point I want to
>>> turn off WIFI and go to wired only on my local net.
>>>
>>> We lock our cars and houses for a reason.
>>>
>>> I do not know as much security as I'd like, however it might be
>>> necessary at some point to to become more cyber.
>>>
>>> About 24 years ago the members of the Tucson Free Unix Group (TFUG)
>>> helped me build a server that I ran out of my home.  We left the
>>> email relay open and I got exploited.  About 10 years ago I became
>>> root and I accidentally overwrote my home directory. yikes... both
>>> were painful.  The first example is a reason we must be more aware
>>> of what we are doing. The 2nd is an example why we should use sudo
>>> as much as we can instead of becoming root.
>>>
>>> Keith
>>>
>>>
>>>
>>> On 2024-06-29 08:55, Michael via PLUG-discuss wrote:
>>>> I just realized, while 99% of the people on this list are honest there
>>>> is the diabolical 1%. So I guess I enter my password for the rest of
>>>> my life. Or do you think that it really matters considering this is
>>>> only a mailing list?
>>>>
>>>> On Sat, Jun 29, 2024, 10:22 AM Michael <> wrote:
>>>>
>>>>> Thanks for saying this. I realized that I only needed to run apt as
>>>>> root. I didn't know how to make it so I could do that..... but
>>>>> chatgt did!
>>>>>
>>>>> On Sat, Jun 29, 2024, 5:53 AM Eric Oyen via PLUG-discuss
>>>>> <> wrote:
>>>>>
>>>>>> NO WORRIES FROM THIS END RUSTY.
>>>>>>
>>>>>> As a general rule, I use sudo only for very specific tasks
>>>>>> (usually updating my development package tree on OS X) and no
>>>>>> where else will I run anything as root. I have seen what happens
>>>>>> to linux machines that run infected binaries as root and it can
>>>>>> get ugly pretty fast. In one case, I couldn’t take the machine
>>>>>> out of service because of other items I was involved with, so I
>>>>>> simply made part of the dir tree immutable after replacing a few
>>>>>> files in /etc. That would fill up the system logs with an error
>>>>>> message about a specific binary trying to replace a small number
>>>>>> of conf files. Once the offending binary was found, it made things
>>>>>> easier trying to disable it or get rid of it. However, after a
>>>>>> while, I simply pulled the drive and ran it through a Dod secure
>>>>>> erase and installed a newer linux bistro on it. I did use the same
>>>>>> trick with chattr to make /bin, /sbin and /etc immutable. That
>>>>>> last turned out to be handy as I caught someone trying to rootkit
>>>>>> my machine using a known exploit, only they couldn’t get it to
>>>>>> run because the binaries they wanted to replace couldn’t be
>>>>>> written to. :)Yes, this would be a bit excessive, but over the
>>>>>> long run, proved far less inconvenient than having to wipe and
>>>>>> reinstall an OS.
>>>>>>
>>>>>> -Eric
>>>>>> From the central Offices of the Technomage Guild, security
>>>>>> Applications Dept.
>>>>>>
>>>>>>> On Jun 28, 2024, at 6:43 PM, Rusty Carruth via PLUG-discuss
>>>>>> <> wrote:
>>>>>>>
>>>>>>> (Deep breath.  Calm...)
>>>>>>>
>>>>>>> I can't figure out how to respond rationally to the below, so
>>>>>> all I'm going to say is - before you call troll,  you might want
>>>>>> to research the author, and read a bit more carefully what they
>>>>>> wrote.  I don't believe I recommended any of the crazy things you
>>>>>> suggest.  And I certainly didn't intend to imply any of that.
>>>>>>>
>>>>>>> On the other hand, it may not have  been clear, so I'll just say
>>>>>> "Sorry that what I wrote wasn't clear, but english isn't my first
>>>>>> language.  Unfortunately its the only one I know".
>>>>>>>
>>>>>>> And on that note, I'll shut up.
>>>>>>>
>>>>>>> On 6/26/24 15:05, Ryan Petris wrote:
>>>>>>>> I feel like you're trolling so I'm not going to spend very much
>>>>>> time on this.
>>>>>>>>
>>>>>>>> It's been a generally good security practice for at least the
>>>>>> last 25+ years to not regularly run as a privileged user,
>>>>>> requiring some sort of escalation to do administrative-type tasks.
>>>>>> By using passwordless sudo, you're taking away that escalation.
>>>>>> Why not just run as root? Then you don't need sudo at all. In
>>>>>> fact, why even have a password at all? Why encrypt? Why don't you
>>>>>> just put all your data on a publicly accessible FTP server and
>>>>>> just grab stuff when you need it? The NSA has all your data anyway
>>>>>> and you don't have anything to hide so why not just leave it out
>>>>>> there for the world to see?
>>>>>>>>
>>>>>>>> As for something malicious needing to be written to use sudo,
>>>>>> why wouldn't it? sudo is ubiquitous on unix systems; if it didn't
>>>>>> at least try then that seams like a pretty dumb malicious script
>>>>>> to me.
>>>>>>>>
>>>>>>>> You also don't necessarily need to open/run something for it to
>>>>>> run. IIRC there was a recent image vulnerability in Gnome's
>>>>>> tracker-miner application which indexes files in your home
>>>>>> directory. And before you say that wouldn't happen in KDE, it too
>>>>>> has a similar program, I believe called Baloo.
>>>>>>>>
>>>>>>>> There also exists the recent doas program and the systemd
>>>>>> replacement run0 to do the same.
>>>>>>>>
>>>>>>>> On Wed, Jun 26, 2024, at 12:23 PM, Rusty Carruth via
>>>>>> PLUG-discuss wrote:
>>>>>>>>> Actually, I'd like to start a bit of a discussion on this.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> First, I know that for some reason RedHat seems to think that
>>>>>> sudo is
>>>>>>>>> bad/insecure.
>>>>>>>>>
>>>>>>>>> I'd like to know the logic there, as I think the argument FOR
>>>>>> using sudo
>>>>>>>>> is MUCH stronger than any argument I've heard (which,
>>>>>> admittedly, is
>>>>>>>>> pretty close to zero) AGAINST it.   Here's my thinking:
>>>>>>>>>
>>>>>>>>> Allowing users to become root via sudo gives you:
>>>>>>>>>
>>>>>>>>> - VERY fine control over what programs a user can use as root
>>>>>>>>>
>>>>>>>>> - The ability to remove admin privs (ability to run as root)
>>>>>> from an
>>>>>>>>> individual WITHOUT having to change root password everywhere.
>>>>>>>>>
>>>>>>>>> Now, remember, RH is supposedly 'corporate friendly'. As a
>>>>>> corporation,
>>>>>>>>> that 2nd feature is well worth the price of admission, PLUS I
>>>>>> can only
>>>>>>>>> allow certain admins to run certain programs? Very nice.
>>>>>>>>>
>>>>>>>>> So, for example, at my last place I allowed the 'tester' user
>>>>>> to run
>>>>>>>>> fdisk as root, because they needed to partition the disk under
>>>>>> test.  In
>>>>>>>>> my case, and since the network that we ran on was totally
>>>>>> isolated from
>>>>>>>>> the corporate network, I let fdisk be run without needing a
>>>>>> password.
>>>>>>>>> Oh, and if they messed up and fdisk'ed the boot partition, it
>>>>>> was no big
>>>>>>>>> deal - I could recreate the machine from scratch (minus
>>>>>> whatever data
>>>>>>>>> hadn't been copied off yet - which would only be their most
>>>>>> recent run),
>>>>>>>>> in 10 minutes (which was about 2 minutes of my time, and 8
>>>>>> minutes of
>>>>>>>>> scripted 'dd' ;-)  However, if the test user wanted to become
>>>>>> root using
>>>>>>>>> su, they had to enter the test user password.
>>>>>>>>>
>>>>>>>>> So, back to the original question - setting sudo to not
>>>>>> require a
>>>>>>>>> password.  We should have asked, what program do you want to
>>>>>> run as root
>>>>>>>>> without requiring a password? How secure is your system? What
>>>>>> else do
>>>>>>>>> you use it for?  Who has access?  etc, etc, etc.
>>>>>>>>>
>>>>>>>>> There's one other minor objection I have to the 'zero defense'
>>>>>> statement
>>>>>>>>> below - the malicious thing you downloaded (and, I assume ran)
>>>>>> has to be
>>>>>>>>> written to USE sudo in its attempt to break in, I believe, or
>>>>>> it
>>>>>>>>> wouldn't matter HOW open your sudo was. (simply saying 'su -
>>>>>> myscript'
>>>>>>>>> won't do it).
>>>>>>>>>
>>>>>>>>> And, if you're truly paranoid about stuff you download, you
>>>>>> should:
>>>>>>>>>
>>>>>>>>> 1 - NEVER download something you don't have an excellent
>>>>>> reason to
>>>>>>>>> believe is 'safe', and ALWAYS make sure you actually
>>>>>> downloaded it from
>>>>>>>>> where you thought you did.
>>>>>>>>>
>>>>>>>>> 2 - For the TRULY paranoid, have a machine you use to download
>>>>>> and test
>>>>>>>>> software on, which you can totally disconnect from your
>>>>>> network (not
>>>>>>>>> JUST the internet), and which has NO confidential info, and
>>>>>> which you
>>>>>>>>> can erase and rebuild without caring.  Run the downloaded
>>>>>> stuff there,
>>>>>>>>> for a long time, until you're pretty sure it won't bite you.
>>>>>>>>>
>>>>>>>>> 3 - For the REALLY REALLY paranoid, don't download anything
>>>>>> from
>>>>>>>>> anywhere, disconnect from the internet permanently, get
>>>>>> high-tech locks
>>>>>>>>> for your doors, and wrap your house in a faraday cage!
>>>>>>>>>
>>>>>>>>> And probably don't leave the house....
>>>>>>>>>
>>>>>>>>> The point of number 3 is that there is always a risk, even
>>>>>> with
>>>>>>>>> 'well-known' software, and as someone else said - they're
>>>>>> watching you
>>>>>>>>> anyway.  The question is how 'safe' do you want to be? And how
>>>>>> paranoid
>>>>>>>>> are you, really?
>>>>>>>>>
>>>>>>>>> Wow, talk about rabbit hole! ;-)
>>>>>>>>>
>>>>>>>>> 'Let the flames begin!' :-)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 6/25/24 18:50, Ryan Petris via PLUG-discuss wrote:
>>>>>>>>>>> wanted sudo not to require a password.
>>>>>>>>>> Please reconsider this... This is VERY BAD security practice.
>>>>>> There's basically zero defense if you happen to download/run
>>>>>> something malicious.
>>>>>>>>>>
>>>>>>>>>> On Tue, Jun 25, 2024, at 6:01 PM, Michael via PLUG-discuss
>>>>>> wrote:
>>>>>>>>>>> then I remember that a PLUG member mentioned ChatGPT being
>>>>>> good at troubleshooting so I figured I'd give it a go. I sprint
>>>>>> about half an hour asking it the wrong question but after that it
>>>>>> took 2 minutes. I wanted sudo not to require a password. it is
>>>>>> wonderful! now I don't have to bug you guys. so it looks like this
>>>>>> is the end of the user group unless you want to talk about OT
>>>>>> stuff.
>>>>>>>>>>>
>>>>>>>>>>> -- :-)~MIKE~(-:
>>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>>> PLUG-discuss mailing list:
>>>>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>>>
>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>> PLUG-discuss mailing list:
>>>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>> ---------------------------------------------------
>>>>>>>>> PLUG-discuss mailing list:
>>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>
>>>>>>> ---------------------------------------------------
>>>>>>> PLUG-discuss mailing list:
>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>
>>>>>> ---------------------------------------------------
>>>>>> PLUG-discuss mailing list:
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list:
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list:
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> ---------------------------------------------------
>> PLUG-discuss mailing list:
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list:
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss