[COLUG] How Does Linux Security Work?

Travis Sidelinger travis at ilive4code.net
Wed Aug 1 14:10:02 EDT 2007 

Mark Erbaugh wrote:
> I'm pretty much a consumer of Linux, although I'm able to do more and
> more with it. I'm currently using Ubuntu Dapper (6.06).
> 
> I'm curious how Linux security works.  Under Ubuntu, I usually run as a
> normal user, but for certain tasks I need to use sudo to run as
> (admin).  When I invoke the sudo command or when a graphical program
> (i.e. update manager) needs me to become root it asks for the password.
> Presumably this password is all that would keep a malicious program run
> as my user from becoming root.
> 

Sudo is setuid enabled, meaning it will always run as the owner, which 
is root in this case.  See below and notice the "s" flag in the file's mode.

hostname:~ # which sudo
/usr/bin/sudo
hostname:~ # ls -al /usr/bin/sudo
-rwsr-xr-x 1 root root 120696 Nov 25  2006 /usr/bin/sudo

See if Ubuntu has a man page for setuid: "man 2 setuid"

> Exactly what is the low level mechanism that allows a program to run as
> a different user (i.e. root)?  When I am prompted for a password is that
> prompt coming from the program I am running or from the bowels of linux?
> 

See "man 2 setuid" and related system calls.

> Is there anything that would keep a malicious program from collecting
> and saving my password so it could become root whenever it wanted?

Yes -> secure overall system design with good APIs
You could list a 1000+ items here.  That said, poor user practices and 
bad software can fowl up the best of security measures.

> 
> I've also noticed that my successful password entry appears to be cached
> for some period of time. If I need to run sudo again it sometimes
> doesn't prompt for a password.  I have discovered a hidden 0 byte file
> in my home directory, .sudo_as_admin_successful, I am assuming that the
> timestamp on this file determines whether I need to re-enter my
> password.

Yes, the timestamp of a small file is used.  Sudo does not cashe the 
password.  On my SLES9 system this file is created under 
/var/run/sudo/${USER}

> 
> Feel free to point me to an online explanation.
> 
> Thanks,
> Mark Erbaugh
> 
> _______________________________________________
> colug432 mailing list colug432 at colug.net
> http://www.colug.net/mailman/listinfo/colug432
>

More information about the colug432 mailing list