[COLUG] How Does Linux Security Work?

Mark Erbaugh mark at microenh.com
Wed Aug 1 11:08:37 EDT 2007


I'm pretty much a consumer of Linux, although I'm able to do more and
more with it. I'm currently using Ubuntu Dapper (6.06).

I'm curious how Linux security works.  Under Ubuntu, I usually run as a
normal user, but for certain tasks I need to use sudo to run as
(admin).  When I invoke the sudo command or when a graphical program
(i.e. update manager) needs me to become root it asks for the password.
Presumably this password is all that would keep a malicious program run
as my user from becoming root.

Exactly what is the low level mechanism that allows a program to run as
a different user (i.e. root)?  When I am prompted for a password is that
prompt coming from the program I am running or from the bowels of Linux?

Is there anything that would keep a malicious program from collecting
and saving my password so it could become root whenever it wanted?

I've also noticed that my successful password entry appears to be cached
for some period of time. If I need to run sudo again it sometimes
doesn't prompt for a password.  I have discovered a hidden 0-byte file
in my home directory, .sudo_as_admin_successful; I am assuming that the
timestamp on this file determines whether I need to re-enter my
password.

Feel free to point me to an online explanation.

Thanks,
Mark Erbaugh


