Understanding sudo

Started by March 01, 2009 09:19 AM
16 comments, last by Kenneth Godwin 15 years, 8 months ago
As I understand it, sudo gives administrative privileges for a single command. However, it's often set up to essentially give administrative privileges for 15 minutes (by not asking for the administrative password). I know next to nothing about Linux, but isn't that nearly the same as running as the administrator? I don't understand the security benefit when sudo is used in such a manner.
I love the 'nets.
Personally, I use "su" instead of "sudo". sudo isn't even available by default in my Linux actually (it's not Ubuntu), which is why I never got into the habit of using it. Anyway, with "su", you're administrator until you type exit or close the console window (which probably does "exit" in the background). So it's secure if you don't leave superuser terminal windows open when not needed :)

Does the admin privilege of sudo also end when you close the console window, or does the timer keep it active in the background somewhere?

I think a reason why it's secure is that, in general, Linux was already designed with the mindset of what has to be done as admin and what not. A Linux user knows what needs to be done as admin and never gets unexpected messages asking him to become admin. He chooses himself to do something with admin rights, instead of being asked for it. So it just won't happen quickly that a Linux user is tricked into using "sudo" on a virus. Whereas in Windows, a user gets so many popup windows asking for his password already anyway, he might just type it in such a popup of a virus asking admin rights (I'm not sure if any virus did this IRL already though, I've got to be honest and say I've never actually used Windows Vista).
Thanks for the response. I've rated you up.

In Linux, do programs have access to the "console"? If so, what's keeping a malicious program from doing malicious things once you've (temporarily) gained administrative privileges?

I'd answer your question if I knew for sure, though I'll guess it does end.
I love the 'nets.
Quote: Original post by iaminternets
In Linux, do programs have access to the "console"? If so, what's keeping a malicious program from doing malicious things once you've (temporarily) gained administrative privileges?


Interesting question. You mean like, a program in user space could discover that you opened a console window and became root in it, and then somehow type commands in it without the user touching his keyboard? I'm also curious whether this is possible.

How would such a program get run in the first place though? A user would have to run such a malicious program, and during the same session open a terminal window and become root in it.

It doesn't happen often that I run random executables in Linux. Most executables I run were installed by the package manager (which downloads them from the archlinux.org servers), or compiled from my own source code with gcc.

The biggest danger maybe would be if someone took over the server with the packages (or a mirror) and replaced all packages with malicious programs! That would give quite a dangerous effect on all users updating their system (which must always be done as root)! I wonder if there are security keys or whatever to protect against that.

I think Linux's safety against viruses would only be tested if the user base would be large enough to make a virus able to spread and make it interesting enough to target it. At this time however Linux users are people who are less likely to fall for traps like opening a "funny attachment" and such, since currently to use, install, or know the existence of Linux a person must be more knowledgeable about computers. I've recently heard something about a type of scripts for KDE that could act as viruses though...

Anyway, I'm sorry for going off topic, I hope someone can answer your original question :)
The purpose of sudo is to separate administrative tasks from root access. The owner of a single-user Linux system will not see a significant benefit from using sudo over su. (The admin group for every large, institutional multiuser system I know of, in contrast, either uses sudo or has made their own sudo-like thing).
Sudo doesn't elevate the privileges of the terminal/shell that's calling it. In other words, you can't do this:
    % sudo ls
    Password: <enter your password>
    ....
    % rm -f /etc/passwd


What you usually can do however, is run the second command as "sudo rm -f /etc/passwd" from the same terminal without being asked for your password a second time, as long as too much time hasn't passed. Depending on the version and configuration of Sudo, it should store your authorization status with a tag indicating which terminal was authorized, so a different terminal wouldn't be able to run sudo commands without a password.

Sudo can be fine-tuned to allow only a specific set of commands to be run by specific users, so you don't have to give full root access to junior admins, etc. It also helps one to get in the habit of not running root shells all over the place, preventing accidental rm's, etc.

Yes, the 15 minutes of passwordless sudo does make it possible for somebody with physical access to your terminal to cause mayhem when you've just stepped out to the bathroom, but that's why you lock your screen when you leave. And if somebody knows your password and can unlock your screen, you already have a security breach.
I've rated everyone up.

I was mainly wondering whether programs could write to the "console" (I'm not sure whether that's the correct word), prefixing their command with sudo, and take advantage of administrative privileges to wreak havoc.

However, as Lode said, that would require that program running in the first place, so it's probably not an issue.

I suppose I'm still stuck in Windows-pre-XP-SP2 paranoia. ;)
I love the 'nets.
Quote: Original post by iaminternets
I was mainly wondering whether programs could write to the "console" (I'm not sure whether that's the correct word), prefixing their command with sudo, and take advantage of administrative privileges to wreak havoc.
That's actually a good example of why sudo is useful in large, multiuser systems. With su, an attacker who's compromised an admin's account is one keylogger away from full root access; he just replaces the console program on the user's account, waits for the user to go to root, and captures the password. With sudo, the root password is not entered, or even known; the only way to go to root is through sudo, which (assuming correct configuration) is limited and logged.

On a single-user system, in contrast, root access doesn't confer a major benefit over user access, so this isn't really an issue.
Quote: Original post by Lode
So it just won't happen quickly that a Linux user is tricked into using "sudo" on a virus.

I disagree. The very first thing that a Linux user does with a software package is install it. Package installation requires superuser privileges, and package install scripts are run as root, with enough privileges to replace system files and install daemons running as root. I think a virus which infects a package creation tool (and later on all packages produced with the tool) could spread for a while until getting noticed.

edit: as for privilege escalation from user to root on a typical desktop, all it takes is changing "start menu" entries to run a malicious program in place of a system configuration tool, as superuser. Next time the user wants to use the package manager or something, bamm, the malicious program could install a daemon running as root, remove traces of itself from the start menu, and run the tool which the user wanted to run so it looks perfectly normal.

Sneftel: sudo sh then screw with system to make proper root account if you wish.
Quote: Original post by Dmytry
Sneftel: sudo sh then screw with system to make proper root account if you wish.
I don't think you understand what it means to correctly configure sudo in a large multiuser environment.
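
Added example (not part of any post in this thread): a small audit of a sudoers-style policy for the points raised above, namely rules that hand out a shell or every command, passwordless rules, and cached authorization that is not tied to one terminal or has no timeout. The sample policy, the user names and the function names sample_sudoers and audit_sudoers are constructed for illustration; tty_tickets, timestamp_type and timestamp_timeout are real sudoers options.

```sh
#!/bin/sh
# Added example: flag sudoers rules that undo "limited and logged".
# The policy below is constructed sample data, not from a real system.
sample_sudoers() {
cat <<'EOF'
Defaults timestamp_timeout=15
Defaults !tty_tickets
Cmnd_Alias WEB = /usr/sbin/service nginx restart, /usr/sbin/service nginx reload
junior  ALL = (root) WEB
alice   ALL = (ALL) ALL
bob     ALL = (root) NOPASSWD: /bin/sh
%ops    ALL = (root) /usr/sbin/service nginx status
EOF
}

# audit_sudoers: policy on stdin, one "LEVEL subject: reason" line per finding.
# Simplified parser (assumption): one rule per line, no line continuations,
# no #include handling.
audit_sudoers() {
awk '
/^[ \t]*#/ || /^[ \t]*$/ { next }               # comments and blank lines
/^Defaults/ {
    if ($0 ~ /!tty_tickets/ || $0 ~ /timestamp_type[ \t]*=[ \t]*global/)
        print "WARN Defaults: cached authorization is shared across terminals"
    if ($0 ~ /timestamp_timeout[ \t]*=[ \t]*-/)
        print "WARN Defaults: cached authorization has no timeout"
    next
}
/^(User|Host|Runas)_Alias/ { next }
{
    # Command aliases are checked where they are defined.
    who = ($1 == "Cmnd_Alias") ? ("alias " $2) : $1
    spec = $0
    sub(/^[^=]*=[ \t]*/, "", spec)              # drop "user host ="
    sub(/^\([^)]*\)[ \t]*/, "", spec)           # drop "(runas)"
    if (spec ~ /NOPASSWD:/) print "WARN " who ": no password required"
    gsub(/[A-Z_]+:[ \t]*/, "", spec)            # drop tags such as NOPASSWD:
    n = split(spec, cmds, /[ \t]*,[ \t]*/)
    for (i = 1; i <= n; i++) {
        split(cmds[i], w, /[ \t]+/)
        if (w[1] == "ALL")
            print "HIGH " who ": may run any command"
        else if (w[1] ~ /\/(sh|bash|dash|zsh|ksh|csh|su)$/)
            print "HIGH " who ": rule grants a shell (" w[1] ")"
    }
}'
}

sample_sudoers | audit_sudoers
```

On the sample, the restricted "junior" and "%ops" rules produce no findings, while "alice" and "bob" are flagged because their rules are equivalent to handing out root.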

This topic is closed to new replies.
