Re:People don't crack passwords?
on
Sudo vs. Root
·
· Score: 1
God I am jealous.
As for pam vs hacking sudo.... hmmm something to think about.
Admittedly pam is a bit of a black box for me, its one of those things I have never needed to care so much about.
But really.... how much do you care about your local machine like that? Now... realise, I am skewed... I use a laptop as my local machine...
with encrypted root and swap... and running no services exposed to the network at all.
Hell, the thing barely leaves my posession, I carry it nearly everywhere.
That solves alot of worries. On top of that, I work on nothing and have access to almost nothing that anybody would target me for... so not much worry of keyloggers etc.
So if I am worryign about security...its worring about my exposures on remote systems. A smartcard sudo that works only locally is of no use to me at all, the local machine is by far secure enough without it... and I almost never work locally on any machine that does matter. (even when I am on console, its through a console server)
admittedly, if I had a smartcard like that, I would still totally set that shit up.
And as soon as that actually happens, I guess the students will be vindicated.
If this was a deal breaker and caused students to leave the class en mass... then that would be the word on the issue now wouldn't it?
So instead o fbitching, maybe thats what they should do, leave the class. If enough leave with them, then the class will be depopulated and have to be stopped, if it keeps happening, the professor will have to do something else.
Vote with your seat kids.
Until you are willing to do that, I don't feel like listening to the whining. You have no right to tell the professor how to conduct her class (or at least no right to have her bend to your will, bitch all you want as that I guess really is your right).
And when the classroom is empty but for a lone professor... then there will be a great point made. However, for some reason, I just don't see that happening.
And this is another reason I support the professor.
Guess what, alot of companies don't like you bringing unneeded laptops to meetings. Sure if your giving a presetation and projectign through the VGA up to a screen...
but if you are there as a normal participant, guess what?
Your boss doesn't like talking to you through the laptop screen, nor does his boss. Get used to it.
Here, everybody has laptops. However when its meeting time, there are seldom more than 2 of them in a room of 20. Usually one of them is hooked up to the projector, usually both were brought by outside consultants who are presenting something to us.
Yes a laptop makes you more efficient at entering and storing vast amounts of information.
This is normally a benefit.
Her concern, as I read it, is actually not new or common to laptops.
When taking notes, it has LONG been that some students will try to just write everything down word for word. This is VERY HARD to do on paper unless you are a very fast writter.
So most students are forced by inefficiency to become more internally efficient. They learn to listen and think and then take notes based on their own thoughts.
Thus, the difference in efficiency of information transfer between voice and blackboard and paper forced students to think more and learn how to learn in that manner.
Notebooks have, according to her assertion, tipped the scale and allowed more students to be really bad note takers. And by BAD I mean ones who note too much without thinking. Now you really can just focus on entering all the info, without thinking about what you are doing, because it takes all yoru concentration to do it.
In a way it makes sense. I would love to see some studies done to test her assertions.
ok I know its nice to be all self righteous but... this is also part of what you are paying for.
Rules like this exist for reasons, and I think she explained them well. It is up to the professor to set the tone for the class and regulate how it goes... this is part of what you pay them to do.
If this was a private class between you and your professor, then I could understand your complaint. However its not, theres a number of students in the room and you all share the same space. Its not like the professor can take each student aside for personal instruction every class.
What this means is, sometimes the professor has to make a judgement rule on the overall conduct of the class. If she feels that laptops are a problem, she has every right to ban them in her class.
If you don't like her class and the way she conducts it, then register for another class.
Freedom to do what you want is nice. However, sometimes you need to temprarily ceede a little freedom (would you argue that you should be "free" to disrupt class by singing show tunes at the top of your lungs for 45 minuts?) in situations where other people are involved... like a classroom.
You are free to walk out and use your laptop elsehwere.
I am paying for martial arts instruction. Do you think because I pay for it I should be free to refuse to bow to my instructor or refer to him by his title in class? Should I be free to disregard the uniform policy and wear street clothes? or some randomly colored belt that I bought and paid for at a martial arts supply store?
Heres my take.... I didn't think of this but it came from a meatspace conversation on this topic...
the internet is inherintly client server, and unless you employ special privs and access, you can't generally listen in on someone elses client to server communications.
Simple... the internet is entirly private. If someone connects to a server and downloads your images, it should be considered exactly the same as if they came into your HOME and looked at your personal scrapbook.
There. Problem solved. No more community decency issue. Its private consenting adults in the privacy of their private connections.
I would also like to point out that the Supreme court has every right, and SHOULD make some determinations to overstep the states.
In fact, it says 2 important things in the constitution. One is that no state can abridge the peoples constitutional rights.
secondly, there is the 9th ammendment, which should be interpreted as the government, federal and state, since this applies to the states to, to mean that ONLY rights to regulate explicitly given by articles of the constitution are their right to regulate.
So in essence, I agree with you about alot of it... however, even state government shouldn't be THAT powerful so as to regulate things like obscenity.
Missing the point here though, obviously didn't read the article.
The problem here is the internet, specifically.
Ok, so if you leave the standard for obscenity up to the community, then what happens on the internet?
The current problem is that federally, you can be brought up on charges and the prosecutors determine what jurisdiction or community that you are to be tried in.
This means that you may post your "art" in NYC. Then Have someone in Montana complain, and be tried in Alabama for indecency.
In fact you have it entirly backwards. Its a republican federal decency law thats being challenged. Its that FEDERAL LAW that the supreme court has decided not to rule on... thus leaving intact the asinine situation described above.
Nice try. Next time read the fucking article.
-Steve
Re:People don't crack passwords?
on
Sudo vs. Root
·
· Score: 1
I was hoping nobody would notice that I was glossing over that. Admittedly, yes thats true.
However, its again an issue of what we are talking about here. Are we talking about the machine on yourdesktop at home, or a large corperate environment. Are we trying to protect against a determined attacker with time and a reason to get in?
You still need to know what other systems too. That may be easy to find,a nd often will be, I mean if you are in to the point of having the shadow file... you can probably look through the deamon logs and see where people ssh in from, or watch netstat output to see where they go to.
This is all true. However, at some point, you have to decide how much of a threat you actually care about.
Frankly, I think that if its that big a deal, maybe you shouldn't have passwords in shadow at all, except for root. Do some other authentication method that a single box being taken wont actually compromise the passwords so easily. (I am an ldap whore myself)
What I would love to see is sudo which accepts RSA keys seprate from ssh.... then you can ssh in, do your thing, then load your root RSA key, sudo, and do what you need. Hell tie it to the same ssh agent through some means. You still have to worry about owned systems being used to hijack your session, but it only gets them an oracle, not your actual key...
so if you say loaded the root ssh key only when you needed it, and such that it automatically gets unloaded within a few minutes... then the window of exposure is relativly very small, and very hard to predict.
Again though, I maintain, once your user account is taken, if you use sudo, its only a matter of time before someone could have root access.
I mean, would you notice your path was slightly different today than it was yesterday? especially if everything worked exactly as it did before? or do you always run sudo with an absolute path?
If you said yes to either of those, you are by far in the minority, even among the best, most paranoid admins that I have ever worked with.
Honestly... I was in a class where we were encouraged to break into eachothers boxes... and I did something much like that. Nobody noticed except the course instructor when he logged into the boxes one day to simulate a break in and noticed my changes to their box.
and that was back before I had 5 years of professional experience under my belt, I bet if I wanted to do something similar today, it could be alot more clever.
-Steve
Re:MUCH MUCH Much better solution
on
Sudo vs. Root
·
· Score: 1
I never meant to imply otherwise.
I am very specifically talking about the case at hand. That is to say, contrasting normal sudo use with configuring sudo to take the root password only.
Essentially, this turns sudo back into su or su -p or some such depending on your system and how you want it to treat your environment.
Its easy to imagine all manner of attack scenarios, but you have to direct your attention where it will do the most real good.
Frankly I think the tradoffs of sudo vs su fall far on the side of sudo. However, this setup from the article, throws away most of the benefit of sudo, in the name of "security".
it seems silly to do for a machine used mostly locally. Its a nightmare in a production environment.
I have always liked the model of admins use SSH RSA keys, then use their own password for sudo. That way their system access password never leaves the local box, until they need to become root.
Then you generate really good random root passwords, and put them in a place where they are safe and can be pulled out in a dire emergency to be used.... then immediatly changed.
I have never actually worked in those conditions, but we did consider it at some meetings at a previous job. I did like the idea.
-Steve
Re:People don't crack passwords?
on
Sudo vs. Root
·
· Score: 1
> If the attacker can get a copy of the encypted password > file, he's home free, because peoples' ability to > remember passwords has not kept pace with the ability > of computers to search them.
Yup....
and thats the thing. Nobody runs big shell servers anymore, its generally hard enough just to get the encrypted password file, as it is to break in through some other means.
Put another way, if someone can get hold of your shadow file, then you have bigger problems than anything that sudo configuration changes are appropriate to address.
In any case, the real answer here is proper password management. sudo, setup in its normal way, is just fine if you can properly manage you rpasswords.
You know what that means... you have a password, or set of passwords that NEVER go out unencrypted anywhere. They get used only over ssh sessions or ssl sessions etc.
This may mean one password per system, or one password in total. Depends on the exposure risk of each system.
Basically yes, if you send your system password that works fo rlogin and sudo out over the wire without encryption willy nilly or use it on random sites and systems that you don't control... then this is a huge risk to you.
If you don't manage passwords, you are exposed to the risks of getting you rpasswords compromised. One way or another.
Someone getting the shadow file is the least of your worries. Not because its no big deal if they get it, just because attacks aimed at getting it are rare when most attack vectors that would get you it, would just get you root just as easily.
-Steve
Re:MUCH MUCH Much better solution
on
Sudo vs. Root
·
· Score: 1
and you obviously have not read the article or used sudo where it was setup specifically to NOT do that and ONLY take root passwords.
Read the docs again man, its either a config or compile time option. I honestly forget because, well, I hate the feature and wont use it.
-Steve
Re:MUCH MUCH Much better solution
on
Sudo vs. Root
·
· Score: 2, Insightful
Ahahahaha thats pretty funny.
As I said before, nobody except security auditors really crack passwords anymore.
That said, its really not that hard to come up with a pretty acceptable and memorable password.
I like to take a song lyric or other phrase of about 8 words. Then take either the first letter of each word to start. For some words, I will choose a symbol other than the first letter, like "and" could become & or +... and pretty much any other random substitution I can think of.
Then I pick out words to capitalise, or replace with l33tspeak numbers etc.
by the time I am done, I have a fairly nasty looking string that maps easily in one direction back to a phrase. Write it down, say the phrase while you use the password.
By about the 5th time, I can burn the paper copy.
For example, I will make one up right now.... password - mnemonic
4eIwMo^n - for example I will make one up now
I once, and I only admit this because I know that every system that has used this password has since had it changed several times.... I once used lyrics from "the song that does not end".... sadly it wasn't in use long enough to break the brains of anyone else in the office.
-Steve
Re:MUCH MUCH Much better solution
on
Sudo vs. Root
·
· Score: 1
Yup. Agreed.
People shouldn't do that either.
-Steve
Re:MUCH MUCH Much better solution
on
Sudo vs. Root
·
· Score: 1
Its good to know that you can answer two completly different assertions by just stating that the first one is wrong. Or even that a person who "obviously doesn't know what they are talking about" must thus be wrong.
Thanks for the info
Good talk, see ya out there.
Re:MUCH MUCH Much better solution
on
Sudo vs. Root
·
· Score: 1
Thats a seprate issue entirely.
I agree with the other poster, having vague assertions is unfortunate, I can only hope its vague because of a genuine desire to keep a theoretical hole under wraps until it can be fixed.
On the other hand it could be an attempt to spread FUD abotu MacOS.
However, I will note that my experience is with Unix systems in general, and usually not ones that a person logs into locally. (even if I am typing this on such a system now... my laptop)
Frankly, if your system is as broken as you say, then forget sudo, your fucked to begin with. Get that fixed, then look at sudo.
-Steve
Re:MUCH MUCH Much better solution
on
Sudo vs. Root
·
· Score: 1
Yet you don't answer my assertion that sudo or really anything that grants access based on the root password, is exactly as secure as the least secure account that it is used from.
The fact is that this privilege escalation is so trivial with just a little work, that there is very little protection against it.
Maybe next we need all our home dirs and login scripts owned by root too... that way our login environments can't be trojaned.
ugh. I am all for layers of security, this is why I highly recomend NOT using your user password for logins at all except for locally.... and using your user password basically as your personal root password.
as for keyloggers, they are amusingly agnostic. They will happily catch both your user and root passwords seprately and equally... same is true for people looking over your shoulder.
As for things getting executed in the wrong account, not sure how thats relevant or can be solved except by stopping making any mistakes at all. I will let you know if I ever figure out how to completly stop making mistakes.
-Steve
Re:MUCH MUCH Much better solution
on
Sudo vs. Root
·
· Score: 5, Insightful
I would argue that this is even not needed.
Just pick a good damned password.
Seriously. Nobody really cracks passwords anymore. Sure there are the ubiquitous SSH scans on the net looking for just insanely stupid passwords. Pick a good password and move on.
Firstly... any security discussion that starts with "what if they have your password" is flawed. They shouldn't have your password, if you let it go, or its THAT easy to guess.... then your security is broken right from the start and there is nothing you can do YOU ARE FUCKED.
I worked at a place that did sudo for root passwords, and I thought it was one of the god damned stupidest things ever. The ONLY benefit of it, was that it forced us to figure out how to make secure passwords for root that people could easily memorize and taught us all to use mnemonics. That was seriously the ONLY benefit.
Basically if you log in locally, or use ssh for everything, then your password never goes out in clear text. If you worry about ssh, then fine... use key authentication, then your password never gets used for anything but sudo.
Basically.... this is a totally fake issue. If someone has your user account password, you are just screwed. They can trojan your entire environment such that the chances that you will EVER notice is minimal, and then they will just get the root password the very next time you sudo.
Bottom line... protect your password... your security depends on it.
Ok fine... and how about POK for pokemon, and TEC for technical stuff and....
why is porn so special.
Hows about this.... we completly and utterly drop the entire subject until the people who are so offended by porn can actually show that we have some compelling interest in treating it as special.
Som,ething more than "for the children" like actually proving that viewing porn effects children negativly.
I first saw porn when I was far to young to undertsnad what it was, and like EVERY OTHER KID I KNOW, started to look at porn when I was about 12....
the simple fact is, kids will find porn, kids will look at porn. They did it long before the internet, and now that the internet is around, they will use the internet for it.
Viewing porn never hurt anyone, and never will. This entire subject of.xxx domains and censoring is a waste of god damned time and bandwidth.
And if you notice, I said source can be made to work. I have seen it work. My problem is that the article didn't even scratch the surface of the issues involved and I just don't see how source is that big of a win in alot of environments.
Is a deployment strategy based on building everything from source doable? Yup.Does it make sense? Sometimes yes, sometimes no.
What I object to is the idea that if your an expert, you are going to choose source. Frankly, I just don't see how it follows that source is more supportable, more secure, or more stable.
It is at best, just as good. Bad package management, in truth, is just as bad as bad source management. However, there are certainly options with both to make your life easier.
Frankly, if the deployment strategy is so undeveloped that the choice between binary packages and source distros is still to be made, I don't see any reason to build a source system at this point. Unless I had very specific needs, that pointed to needing to manage alot of source... I would almost always go the binaries route.
Yup... in my last job we started with a few solaris boxes and almost no management infrastructure, and had to build from the ground up.
By the time I left, we had nearly 100 machines. We compiled everything we could from source, but... we made packages and distributed the packages. So it was kind of like we were the OS vendor.
In fact, in many corperate environemtns, there ends up being a group that ends up basically being an in house os vendor, building what the base system is, and building local packages and keeping them up to date. That was my job.
I built build scripts and put it all in CVS for exactly that reason... managing source is a nightmare. I didn't install CVS or make build scripts right away. I did it, like many admins, because I had been bitten in the ass.
What flags did we use last time? How do you make it install into a specific dir? What patches did we apply?
Well... by the time we left, I could tell you that stuff for our compiles. It was a pain to build, and eventually we needed student workers just to keep up with the package demand... it was way too much for what we were doing.
Basically... if binary packages had been available sanely for what we wanted to do (this was under solaris), I would have said we should use them. It wasn;'t.... so we effectivly managed alot of source.
It was only worth it because we had no other real choice (honestly the sunfreeware stuff was just too often not quite right... not like good old fashioned debian packages or even, as much as I hate to admit it, RedHat... they have really improved since I decided that I hated them, and their latest stuff is pretty good)
God I am jealous.
As for pam vs hacking sudo.... hmmm something to think about.
Admittedly pam is a bit of a black box for me, its one of those things I have never needed to care so much about.
But really.... how much do you care about your local machine like that? Now... realise, I am skewed... I use a laptop as my local machine...
with encrypted root and swap... and running no services exposed to the network at all.
Hell, the thing barely leaves my posession, I carry it nearly everywhere.
That solves alot of worries. On top of that, I work on nothing and have access to almost nothing that anybody would target me for... so not much worry of keyloggers etc.
So if I am worryign about security...its worring about my exposures on remote systems. A smartcard sudo that works only locally is of no use to me at all, the local machine is by far secure enough without it... and I almost never work locally on any machine that does matter. (even when I am on console, its through a console server)
admittedly, if I had a smartcard like that, I would still totally set that shit up.
-Steve
I am pretty sure I can be bothered by sounds that come from behind me.
Not only does the professor claim to be an expert, but the board of trustees of the college happens to agree with them.
I am sure if you had questions as to the professors professional qualifications, you could ask.
-Steve
You know... you are asolutly right.
And as soon as that actually happens, I guess the students will be vindicated.
If this was a deal breaker and caused students to leave the class en mass... then that would be the word on the issue now wouldn't it?
So instead o fbitching, maybe thats what they should do, leave the class. If enough leave with them, then the class will be depopulated and have to be stopped, if it keeps happening, the professor will have to do something else.
Vote with your seat kids.
Until you are willing to do that, I don't feel like listening to the whining. You have no right to tell the professor how to conduct her class (or at least no right to have her bend to your will, bitch all you want as that I guess really is your right).
And when the classroom is empty but for a lone professor... then there will be a great point made. However, for some reason, I just don't see that happening.
Sounds like alot of hot air to me.
-Steve
not always.
You know some schools like harvard don't even need to charge tuition.
Even at less well endowed schools, tuition goes a long way but most schools get way more applicants than they could ever accept.
Believe me, they wont cry over you.
-Steve
exactly....
And this is another reason I support the professor.
Guess what, alot of companies don't like you bringing unneeded laptops to meetings. Sure if your giving a presetation and projectign through the VGA up to a screen...
but if you are there as a normal participant, guess what?
Your boss doesn't like talking to you through the laptop screen, nor does his boss. Get used to it.
Here, everybody has laptops. However when its meeting time, there are seldom more than 2 of them in a room of 20. Usually one of them is hooked up to the projector, usually both were brought by outside consultants who are presenting something to us.
-Steve
I think her concern is a little more nuanced.
Yes a laptop makes you more efficient at entering and storing vast amounts of information.
This is normally a benefit.
Her concern, as I read it, is actually not new or common to laptops.
When taking notes, it has LONG been that some students will try to just write everything down word for word. This is VERY HARD to do on paper unless you are a very fast writter.
So most students are forced by inefficiency to become more internally efficient. They learn to listen and think and then take notes based on their own thoughts.
Thus, the difference in efficiency of information transfer between voice and blackboard and paper forced students to think more and learn how to learn in that manner.
Notebooks have, according to her assertion, tipped the scale and allowed more students to be really bad note takers. And by BAD I mean ones who note too much without thinking. Now you really can just focus on entering all the info, without thinking about what you are doing, because it takes all yoru concentration to do it.
In a way it makes sense. I would love to see some studies done to test her assertions.
-Steve
ok I know its nice to be all self righteous but... this is also part of what you are paying for.
Rules like this exist for reasons, and I think she explained them well. It is up to the professor to set the tone for the class and regulate how it goes... this is part of what you pay them to do.
If this was a private class between you and your professor, then I could understand your complaint. However its not, theres a number of students in the room and you all share the same space. Its not like the professor can take each student aside for personal instruction every class.
What this means is, sometimes the professor has to make a judgement rule on the overall conduct of the class. If she feels that laptops are a problem, she has every right to ban them in her class.
If you don't like her class and the way she conducts it, then register for another class.
Freedom to do what you want is nice. However, sometimes you need to temprarily ceede a little freedom (would you argue that you should be "free" to disrupt class by singing show tunes at the top of your lungs for 45 minuts?) in situations where other people are involved... like a classroom.
You are free to walk out and use your laptop elsehwere.
I am paying for martial arts instruction. Do you think because I pay for it I should be free to refuse to bow to my instructor or refer to him by his title in class? Should I be free to disregard the uniform policy and wear street clothes? or some randomly colored belt that I bought and paid for at a martial arts supply store?
I paid for it damnit... didn't I?
-Steve
Heres my take.... I didn't think of this but it came from a meatspace conversation on this topic...
the internet is inherintly client server, and unless you employ special privs and access, you can't generally listen in on someone elses client to server communications.
Simple... the internet is entirly private. If someone connects to a server and downloads your images, it should be considered exactly the same as if they came into your HOME and looked at your personal scrapbook.
There. Problem solved. No more community decency issue. Its private consenting adults in the privacy of their private connections.
-Steve
I would also like to point out that the Supreme court has every right, and SHOULD make some determinations to overstep the states.
In fact, it says 2 important things in the constitution. One is that no state can abridge the peoples constitutional rights.
secondly, there is the 9th ammendment, which should be interpreted as the government, federal and state, since this applies to the states to, to mean that ONLY rights to regulate explicitly given by articles of the constitution are their right to regulate.
So in essence, I agree with you about alot of it... however, even state government shouldn't be THAT powerful so as to regulate things like obscenity.
-Steve
Missing the point here though, obviously didn't read the article.
The problem here is the internet, specifically.
Ok, so if you leave the standard for obscenity up to the community, then what happens on the internet?
The current problem is that federally, you can be brought up on charges and the prosecutors determine what jurisdiction or community that you are to be tried in.
This means that you may post your "art" in NYC. Then Have someone in Montana complain, and be tried in Alabama for indecency.
In fact you have it entirly backwards. Its a republican federal decency law thats being challenged. Its that FEDERAL LAW that the supreme court has decided not to rule on... thus leaving intact the asinine situation described above.
Nice try. Next time read the fucking article.
-Steve
I was hoping nobody would notice that I was glossing over that. Admittedly, yes thats true.
However, its again an issue of what we are talking about here. Are we talking about the machine on yourdesktop at home, or a large corperate environment. Are we trying to protect against a determined attacker with time and a reason to get in?
You still need to know what other systems too. That may be easy to find,a nd often will be, I mean if you are in to the point of having the shadow file... you can probably look through the deamon logs and see where people ssh in from, or watch netstat output to see where they go to.
This is all true. However, at some point, you have to decide how much of a threat you actually care about.
Frankly, I think that if its that big a deal, maybe you shouldn't have passwords in shadow at all, except for root. Do some other authentication method that a single box being taken wont actually compromise the passwords so easily. (I am an ldap whore myself)
What I would love to see is sudo which accepts RSA keys seprate from ssh.... then you can ssh in, do your thing, then load your root RSA key, sudo, and do what you need. Hell tie it to the same ssh agent through some means. You still have to worry about owned systems being used to hijack your session, but it only gets them an oracle, not your actual key...
so if you say loaded the root ssh key only when you needed it, and such that it automatically gets unloaded within a few minutes... then the window of exposure is relativly very small, and very hard to predict.
Again though, I maintain, once your user account is taken, if you use sudo, its only a matter of time before someone could have root access.
I mean, would you notice your path was slightly different today than it was yesterday? especially if everything worked exactly as it did before?
or do you always run sudo with an absolute path?
If you said yes to either of those, you are by far in the minority, even among the best, most paranoid admins that I have ever worked with.
Honestly... I was in a class where we were encouraged to break into eachothers boxes... and I did something much like that. Nobody noticed except the course instructor when he logged into the boxes one day to simulate a break in and noticed my changes to their box.
and that was back before I had 5 years of professional experience under my belt, I bet if I wanted to do something similar today, it could be alot more clever.
-Steve
I never meant to imply otherwise.
I am very specifically talking about the case at hand. That is to say, contrasting normal sudo use with configuring sudo to take the root password only.
Essentially, this turns sudo back into su or su -p or some such depending on your system and how you want it to treat your environment.
Its easy to imagine all manner of attack scenarios, but you have to direct your attention where it will do the most real good.
Frankly I think the tradoffs of sudo vs su fall far on the side of sudo. However, this setup from the article, throws away most of the benefit of sudo, in the name of "security".
it seems silly to do for a machine used mostly locally. Its a nightmare in a production environment.
I have always liked the model of admins use SSH RSA keys, then use their own password for sudo. That way their system access password never leaves the local box, until they need to become root.
Then you generate really good random root passwords, and put them in a place where they are safe and can be pulled out in a dire emergency to be used.... then immediatly changed.
I have never actually worked in those conditions, but we did consider it at some meetings at a previous job.
I did like the idea.
-Steve
> If the attacker can get a copy of the encypted password > file, he's home free, because peoples' ability to
> remember passwords has not kept pace with the ability
> of computers to search them.
Yup....
and thats the thing. Nobody runs big shell servers anymore, its generally hard enough just to get the encrypted password file, as it is to break in through some other means.
Put another way, if someone can get hold of your shadow file, then you have bigger problems than anything that sudo configuration changes are appropriate to address.
In any case, the real answer here is proper password management. sudo, setup in its normal way, is just fine if you can properly manage you rpasswords.
You know what that means... you have a password, or set of passwords that NEVER go out unencrypted anywhere. They get used only over ssh sessions or ssl sessions etc.
This may mean one password per system, or one password in total. Depends on the exposure risk of each system.
Basically yes, if you send your system password that works fo rlogin and sudo out over the wire without encryption willy nilly or use it on random sites and systems that you don't control... then this is a huge risk to you.
If you don't manage passwords, you are exposed to the risks of getting you rpasswords compromised. One way or another.
Someone getting the shadow file is the least of your worries. Not because its no big deal if they get it, just because attacks aimed at getting it are rare when most attack vectors that would get you it, would just get you root just as easily.
-Steve
and you obviously have not read the article or used sudo where it was setup specifically to NOT do that and ONLY take root passwords.
Read the docs again man, its either a config or compile time option. I honestly forget because, well, I hate the feature and wont use it.
-Steve
Ahahahaha thats pretty funny.
... and pretty much any other random substitution I can think of.
As I said before, nobody except security auditors really crack passwords anymore.
That said, its really not that hard to come up with a pretty acceptable and memorable password.
I like to take a song lyric or other phrase of about 8 words. Then take either the first letter of each word to start. For some words, I will choose a symbol other than the first letter, like "and" could become & or +
Then I pick out words to capitalise, or replace with l33tspeak numbers etc.
by the time I am done, I have a fairly nasty looking string that maps easily in one direction back to a phrase. Write it down, say the phrase while you use the password.
By about the 5th time, I can burn the paper copy.
For example, I will make one up right now....
password - mnemonic
4eIwMo^n - for example I will make one up now
I once, and I only admit this because I know that every system that has used this password has since had it changed several times.... I once used lyrics from "the song that does not end".... sadly it wasn't in use long enough to break the brains of anyone else in the office.
-Steve
Yup. Agreed.
People shouldn't do that either.
-Steve
Its good to know that you can answer two completly different assertions by just stating that the first one is wrong. Or even that a person who "obviously doesn't know what they are talking about" must thus be wrong.
Thanks for the info
Good talk, see ya out there.
Thats a seprate issue entirely.
I agree with the other poster, having vague assertions is unfortunate, I can only hope its vague because of a genuine desire to keep a theoretical hole under wraps until it can be fixed.
On the other hand it could be an attempt to spread FUD abotu MacOS.
However, I will note that my experience is with Unix systems in general, and usually not ones that a person logs into locally. (even if I am typing this on such a system now... my laptop)
Frankly, if your system is as broken as you say, then forget sudo, your fucked to begin with. Get that fixed, then look at sudo.
-Steve
Yet you don't answer my assertion that sudo or really anything that grants access based on the root password, is exactly as secure as the least secure account that it is used from.
The fact is that this privilege escalation is so trivial with just a little work, that there is very little protection against it.
Maybe next we need all our home dirs and login scripts owned by root too... that way our login environments can't be trojaned.
ugh. I am all for layers of security, this is why I highly recomend NOT using your user password for logins at all except for locally.... and using your user password basically as your personal root password.
as for keyloggers, they are amusingly agnostic. They will happily catch both your user and root passwords seprately and equally... same is true for people looking over your shoulder.
As for things getting executed in the wrong account, not sure how thats relevant or can be solved except by stopping making any mistakes at all. I will let you know if I ever figure out how to completly stop making mistakes.
-Steve
I would argue that this is even not needed.
Just pick a good damned password.
Seriously. Nobody really cracks passwords anymore. Sure there are the ubiquitous SSH scans on the net looking for just insanely stupid passwords. Pick a good password and move on.
Firstly... any security discussion that starts with "what if they have your password" is flawed. They shouldn't have your password, if you let it go, or its THAT easy to guess.... then your security is broken right from the start and there is nothing you can do YOU ARE FUCKED.
I worked at a place that did sudo for root passwords, and I thought it was one of the god damned stupidest things ever. The ONLY benefit of it, was that it forced us to figure out how to make secure passwords for root that people could easily memorize and taught us all to use mnemonics. That was seriously the ONLY benefit.
Basically if you log in locally, or use ssh for everything, then your password never goes out in clear text. If you worry about ssh, then fine... use key authentication, then your password never gets used for anything but sudo.
Basically.... this is a totally fake issue. If someone has your user account password, you are just screwed. They can trojan your entire environment such that the chances that you will EVER notice is minimal, and then they will just get the root password the very next time you sudo.
Bottom line... protect your password... your security depends on it.
-Steve
Ok fine... and how about POK for pokemon, and TEC for technical stuff and....
.xxx domains and censoring is a waste of god damned time and bandwidth.
why is porn so special.
Hows about this.... we completly and utterly drop the entire subject until the people who are so offended by porn can actually show that we have some compelling interest in treating it as special.
Som,ething more than "for the children" like actually proving that viewing porn effects children negativly.
I first saw porn when I was far to young to undertsnad what it was, and like EVERY OTHER KID I KNOW, started to look at porn when I was about 12....
the simple fact is, kids will find porn, kids will look at porn. They did it long before the internet, and now that the internet is around, they will use the internet for it.
Viewing porn never hurt anyone, and never will. This entire subject of
-Steve
Welld epends on the type of lab.
I work ina corperate environment and we have a "lab" but its a testing lab for pre-production work, hardware certification, etc.
Basically, its where I would live if it wasn't for console servers.
-Steve
And if you notice, I said source can be made to work. I have seen it work. My problem is that the article didn't even scratch the surface of the issues involved and I just don't see how source is that big of a win in alot of environments.
Is a deployment strategy based on building everything from source doable? Yup.Does it make sense? Sometimes yes, sometimes no.
What I object to is the idea that if your an expert, you are going to choose source. Frankly, I just don't see how it follows that source is more supportable, more secure, or more stable.
It is at best, just as good. Bad package management, in truth, is just as bad as bad source management. However, there are certainly options with both to make your life easier.
Frankly, if the deployment strategy is so undeveloped that the choice between binary packages and source distros is still to be made, I don't see any reason to build a source system at this point. Unless I had very specific needs, that pointed to needing to manage alot of source... I would almost always go the binaries route.
-Steve
Yup... in my last job we started with a few solaris boxes and almost no management infrastructure, and had to build from the ground up.
By the time I left, we had nearly 100 machines. We compiled everything we could from source, but... we made packages and distributed the packages. So it was kind of like we were the OS vendor.
In fact, in many corperate environemtns, there ends up being a group that ends up basically being an in house os vendor, building what the base system is, and building local packages and keeping them up to date. That was my job.
I built build scripts and put it all in CVS for exactly that reason... managing source is a nightmare. I didn't install CVS or make build scripts right away. I did it, like many admins, because I had been bitten in the ass.
What flags did we use last time? How do you make it install into a specific dir? What patches did we apply?
Well... by the time we left, I could tell you that stuff for our compiles. It was a pain to build, and eventually we needed student workers just to keep up with the package demand... it was way too much for what we were doing.
Basically... if binary packages had been available sanely for what we wanted to do (this was under solaris), I would have said we should use them. It wasn;'t.... so we effectivly managed alot of source.
It was only worth it because we had no other real choice (honestly the sunfreeware stuff was just too often not quite right... not like good old fashioned debian packages or even, as much as I hate to admit it, RedHat... they have really improved since I decided that I hated them, and their latest stuff is pretty good)
-Steve