[COLUG] How Does Linux Security Work?

Brian Miller bnmille at gmail.com
Wed Aug 1 23:12:01 EDT 2007


On Wednesday 01 August 2007 11:08:37 am Mark Erbaugh wrote:
> I'm pretty much a consumer of Linux, although I'm able to do more and
> more with it. I'm currently using Ubuntu Dapper (6.06).
>
> I'm curious how Linux security works.  Under Ubuntu, I usually run as a
> normal user, but for certain tasks I need to use sudo to run as
> (admin).  When I invoke the sudo command or when a graphical program
> (i.e. update manager) needs me to become root it asks for the password.
> Presumably this password is all that would keep a malicious program run
> as my user from becoming root.
>
> Exactly what is the low level mechanism that allows a program to run as
> a different user (i.e. root)?  When I am prompted for a password is that
> prompt coming from the program I am running or from the bowels of linux?
>
Ubuntu does some neat things with sudo.  For one, it doesn't have a 
normal "root" account.  Well, technically the root account exists 
in /etc/passwd, but by default there is no password for the account, 
preventing anyone from successfully logging in as root.  So the Ubuntu 
developers have written some nice code that, when administrative rights are 
needed, sudo is automatically called.  This link can give you more details 
about sudo:  http://www.gratisoft.us/sudo/man/sudo.html
And the Ubuntu people have created this little write up that describes it from 
their perspective:  https://help.ubuntu.com/community/RootSudo
>
> Is there anything that would keep a malicious program from collecting
> and saving my password so it could become root whenever it wanted?
>
Ubuntu also uses several local groups (adm, lpadmin, admin) in order to 
further restrict who can use sudo.  If you are not in these groups, then 
attempting to perform an administrative function will not work, even if 
someone knows your password.  Of course, some malicious program running under 
your user ID would, by default, be a member of these groups.  Someone could 
presumably write a program that would capture your password and then use it 
to elevate its privileges, but this program would have to insert itself 
before you run sudo itself (as I recall, sudo has some security to prevent 
this sort of thing, but I don't remember any specifics).  This is why, when 
running from the command line, it is best to type the full path of the 
program you want to run ("/usr/bin/sudo /usr/sbin/chmod", rather than "sudo 
chmod") as this makes it harder for a malicious program to capture keystrokes.
 
Running only approved software provided by your Linux distribution and/or 
reviewing all of the source code for any program that you install could help 
to prevent the sort of scenario you describe, also.  It applies to Linux as 
well as Windows:  Don't install anything from anyone that you don't 
completely trust.

> I've also noticed that my successful password entry appears to be cached
> for some period of time. If I need to run sudo again it sometimes
> doesn't prompt for a password.  I have discovered a hidden 0 byte file
> in my home directory, .sudo_as_admin_successful, I am assuming that the
> timestamp on this file determines whether I need to re-enter my
> password.
>
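
Added example, not part of the original message: a shell check of the reply's point about typing the full path rather than the bare command name. It reports which file the bare name `sudo` resolves to on the current search path and which user-writable directories are searched before `/usr/bin`; the function names are illustrative.

```shell
#!/bin/sh
# Added example; function names are illustrative, not part of sudo or Ubuntu.

# Print the first executable named $1 on search path $2 (default: $PATH),
# which is what the shell runs when only the bare command name is typed.
first_in_path() {
    fp_name=$1; fp_path=${2-$PATH}; fp_hit=
    fp_ifs=$IFS; IFS=:; set -f
    for fp_dir in $fp_path; do
        [ -n "$fp_dir" ] || fp_dir=.      # an empty entry means the current directory
        if [ -z "$fp_hit" ] && [ -f "$fp_dir/$fp_name" ] && [ -x "$fp_dir/$fp_name" ]; then
            fp_hit=$fp_dir/$fp_name
        fi
    done
    IFS=$fp_ifs; set +f
    if [ -n "$fp_hit" ]; then printf '%s\n' "$fp_hit"; else return 1; fi
}

# Print every directory searched before the directory of full path $1 that the
# current user can write to. A file of the same name placed there would be
# found first by a bare-name lookup.
writable_dirs_before() {
    wd_stop=$(dirname "$1"); wd_path=${2-$PATH}; wd_done=
    wd_ifs=$IFS; IFS=:; set -f
    for wd_dir in $wd_path; do
        [ -n "$wd_dir" ] || wd_dir=.
        [ "$wd_dir" != "$wd_stop" ] || wd_done=1
        if [ -z "$wd_done" ] && [ -d "$wd_dir" ] && [ -w "$wd_dir" ]; then
            printf '%s\n' "$wd_dir"
        fi
    done
    IFS=$wd_ifs; set +f
}

# Compare the bare-name lookup of $1 with expected full path $2; return 1 on mismatch.
check_command() {
    cc_found=$(first_in_path "$1" "${3-$PATH}") || cc_found=
    if [ "$cc_found" != "$2" ]; then
        printf 'MISMATCH: %s resolves to %s, expected %s\n' "$1" "${cc_found:-nothing}" "$2"
        return 1
    fi
    printf 'ok: %s resolves to %s\n' "$1" "$cc_found"
}

# Audit the current session for the command named in the message.
check_command sudo /usr/bin/sudo || :
writable_dirs_before /usr/bin/sudo
```

This covers only the search-path lookup; shell aliases and functions are resolved before the search path and need to be checked separately.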

