HPE Community
Operating System - HP-UX
1821626 Members
3116 Online
109633 Solutions
New Discussion юеВ

Re: sudo

 
SOLVED
Go to solution
Khashru
Valued Contributor

тАО02-12-2006 11:21 AM

тАО02-12-2006 11:21 AM

sudo

I have configured sudo for giving some access to our helpdesk team. My manager wants to know about the security issues about it like

1. who made sudo
2. where is the configuration file and what is the permission of that.
3. Is there any known threat?

Can anyoune help me in this.
0 Kudos
Reply
5 REPLIES 5
Patrick Wallek
Honored Contributor

тАО02-12-2006 11:38 AM

тАО02-12-2006 11:38 AM

Solution

Re: sudo

1. Who made sudo: Check out http://www.courtesan.com for lots of information on sudo.

2. It depends on the installation. Sometimes it is /etc/sodu/sudoers, sometimes /usr/local/etc/sudo/sudoers. I have seen it in other directories as well. Permissions on one of my machines are readable by the owner and group (both root) only.

3. Any known thread: Information here on the only sudo security issue I have ever seen: http://www.sudo.ws/sudo/alerts/path_race.html

Sudo is a great product and the benefits far outweigh the risks in my opinion.
Reply
Arunvijai_4
Honored Contributor

тАО02-12-2006 02:48 PM

тАО02-12-2006 02:48 PM

Re: sudo

Hi Khashru,

Q1. who made sudo

Ans : Sudo is an Opensource utlity distributed under ISC-style license. It is part of Internet Express suite as well, you can download it for 11.11 and 11.23

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1123

Main site is at : http://www.courtesan.com/sudo/

Q2. where is the configuration file and what is the permission of that.
"sudoers" is the configuration file for sudo. If you install Internet express version of sudo, you can find "sudoers" at /opt/iexpress/sudo/etc/ directory.

Permission will be 644.

Q3.Is there any known threat?

Current version 1.6.8p12 is risk free,

See all Sudo reated security alerts at http://www.courtesan.com/sudo/alerts/

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Reply
Steven E. Protter
Exalted Contributor

тАО02-12-2006 04:48 PM

тАО02-12-2006 04:48 PM

Re: sudo

Shalom Kashru,

I differ with the last answer to number 3. Though there are no known vulnerabilities with the sudo product, which is stable and in wide use, there are inherent problems with sudo itself.

If used to grant access on the wrong utility it can open up your system completely to malicious, or more likely stupid users. It is very important to use this utility in a very, very limited way.

sudo increases security if it allows you to keep non-admins from root access and if its used carefully and in a limited way.

sudo ships with a special visudo or visudoers utility that when saving the file, updates the sudo database.

Good Luck.
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Mustafa Gulercan
Respected Contributor

тАО02-13-2006 05:54 PM

тАО02-13-2006 05:54 PM

Re: sudo

hi;

1) there is a sudo web page at http://www.sudo.ws/sudo/

2)/etc/sudoers
-r--r----- 1 root root


regards
mustafa
0 Kudos
Reply
Yogeeraj_1
Honored Contributor

тАО02-13-2006 08:23 PM

тАО02-13-2006 08:23 PM

Re: sudo

hi Khashru.

Many questions on sudo also answered at the following url:
http://groups.google.mu/group/alt.hacking/msg/4de350322e329c48?&q=sudo+security+threats

hope this helps too!

kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.