Re: [Full-disclosure] TTY handling when executing code in lower-privileged context (su, virt containers)
- To: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] TTY handling when executing code in lower-privileged context (su, virt containers)
- From: Jerry Bell <jerry@xxxxxxxxxxxxxxx>
- Date: Sun, 11 Nov 2012 12:38:50 -0500
There are a few things to consider from my experience:
1. It's easy to say "don't use weak passwords"; however, unless you're using
some two-factor system or systematically forcing random passwords, people are
generating the passwords, and history tells us that most people are very bad at
that task.
2. Most organizations institute lockout policies for normal user accounts, so
generally even a weak user password can't be guessed within 5 or 10 tries.
However, root can't generally be locked out, so they are open to brute-force
attacks. I have first-hand experience responding to incidents that resulted
from root being successfully brute forced.
3. The concept of individual accountability is becoming increasingly important
for many organizations. This doesn't matter much in some, particularly small,
environments, but in a setting with dozens or hundreds of administrators, it is
quite important. SUDO is about the only effective way of enabling large numbers
of admins to operate on a system while maintaining accountability. It is not
bulletproof, but it is a quite effective solution generally.
So, I am genuinely curious - how does blocking root logins and requiring SUDO
weaken a system? I definitely have a lot to learn, and I feel like I am
missing something.
Regards,
Jerry
On Nov 10, 2012, at 1:30 PM, Michal Zalewski <lcamtuf@xxxxxxxxxxx> wrote:
>> I think you've taken that far too literally. My understanding of it is to
>> protect against a) brute force retardation b) dumb attackers.
>
> The advice weakens the security of your system, because it means I
> just need to compromise your unprivileged account (in which you run
> your browser, mail client, and so on) to own the entire box.
>
> As for the benefits, care to elaborate? I'm not sure what a) and b)
> really mean. If you're worried about brute-force, don't use trivial
> passwords. If you worry about opportunistic attacks, do that and then
> patch your stuff every now and then.
>
> /mz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/