Sudo, su, gksudo, and gnomesu - and security

This is about security.

I recently got referred to the pwn2own contest results. Very interesting stuff. It’s been run for 3 years now, Mac went down first every time, Windows 2nd. Ubuntu is the Linux distro used, and it hasn’t gone down at all. BUT, the pwners, and the pwn2own organizers have publicly stated that nobody is even trying to pwn the Ubuntu machine! They say the Mac machine goes down first because that gets rep. The Windows machine goes down next because ppl can do it, but the top hackers aren’t using their hacks there, since they say the hacks are worth more money than the contest is paying ($5 or $10K)! All very interesting stuff, along with the Brit hacker getting past SOHO router hardware firewalls, reported in the Register recently.

Got me thinking about security again. I decided it might be a wiser choice to set up my root account like Ubuntu’s default, and rely on sudo. Since all my machines are more desktops than servers, this makes sense to me as a security measure.

This seems like a good topic for flamebait, but I’d like to hear opinions on some of the pros and cons of the idea. And there are some obvious questions, how will Yast2 act (gui root pw request)? And, if the root account pw is disabled, you can’t use gksu (gnomesu), and you’d have to get gksudo installed somehow.

My thinking goes back to old training as a network admin: you never, ever enable the “Admin” account, since everybody knows that user-name. Root is the same way. So if somebody can get to my open ports thru my router, I’m concerned! [On the flip side, it should be noted that in pwn2own, nobody could get into ANY of the boxes this way, with all ports on install default. Not Mac, not Vista, not 7, not Ubuntu. But I also know Ubuntu default sets iptables to Deny, so nothing is really “open”. My user setup has more open than that. Hackers had either 4 hours or the full day to try that way. It appeared to me that all the hax got in thru javascript or flash, and once in, pwned. So they had to have a url, or an email (which had to be opened) to get in.]

Long post, but interesting stuff - to me. Your thots? Corrections? Rants?

> Long post, but interesting stuff - to me. Your thots? Corrections?
> Rants?

try using a root pass like: *q)jq$lg)!m8v)N1mOiFHB0PgP>=L5T

see: https://www.grc.com/passwords.htm

then write it on a sticky and put it on your monitor, or on the back
side of your keyboard… :wink:


palladium

That’s my mother’s maiden name!

She’s not from here…

Confuseling wrote:
> She’s not from here…

LOL!!


palladium

Ah, yes Steve G. A good guy, altho I only know him from his pages and Spinrite. He’s always been generous when it comes to security.

Yah, I could go with a pw like that - or I could look at using a USB lock for root. Worth thinking about. Or I could put the pw in an encrypted file on a USB thumb for root and disable any remote login for root. Technically, that could be broken with the encrypted file, but now I’m talking like super duper CIA NSS type paranoia!

Oh, and btw, how could you be so %tyou9id, to really suggest that anyone put the pw on their monitor! Everybody knows that spot! You should tape it onto the back of the desk drawer, or put a note in your cell phone!

Cheers!

Nope, it should be on the monitor, bottom part, so that you don’t have to look up from the keyboard. And the one material that’s really safe are PostIt’s, since they cannot get lost. As a system admin, I change the passwords on the PostIt’s or add a family pack of new ones.

This is quite secure: names and birthdays of people you don’t know.

Hope I understood the default Ubuntu settings:

In Ubuntu I do not like the concept of
either using a non-administrative account for normal work and logging out and in for administrative tasks,
or using the admin account for every-day use and using the administrator password for things like unlocking the desktop.

Two passwords (an easy one for normal day work and a more complex one for administrative work) used in one account (after one login) seems to me a better mix of laziness and awareness.

But I assume with a better way of handling/make sudoers and polkit/policykit it may be possible to do it like this even with an unabled root-password/root-account.
Hopefully no one ‘evil’ has a [valid] patent according to this.

Should the numeric ID of root/the superuser/the super-administrator stay the same - for example, to have access with a live-CD if you locked yourself out of your system?

Compare also: https://features.opensuse.org/305640

Regards
Martin
(pistazienfresser)