disabling root and olpc passwords
Carl-Daniel Hailfinger
c-d.hailfinger.devel.2006 at gmx.net
Sat Jan 12 21:17:14 EST 2008
On 13.01.2008 01:45, M. Edward (Ed) Borasky wrote:
> Typical Linux practice is the following:
>
> 1. One *never* allows remote shell login as "root" -- *ever* -- even
> behind a firewall. One allows only *one* user in the "wheel" group to
> log in to a shell account, and then *only* via "ssh".
>
Which is almost as unsafe as using "root" directly.
> 2. When root access is needed, "sudo" is used, with the least permissive
> mode possible.
>
And once you start installing software globally via sudo, the account
from which you called sudo to install software is (in almost all
circumstances) effectively "root". Same goes for bootloader configuration.
> 3. "ftp" is done using "sftp" and/or "scp". For Windows clients, there's
> PuTTY.
>
Agreed.
> Anything less than this level of security is a bad habit -- a *very* bad
> habit. Please don't encourage such habits, or ask the open source
> community to cater to them.
>
Actually, I would consider the belief that sudo makes things
unconditionally safer to be mostly equivalent to the belief that a
"personal firewall" (which is not a firewall) makes things
unconditionally safer. IMO, use of sudo should be discouraged because it
gives people a false sense of security. It is possible to use sudo in a
safe way. Same goes for the "root" account.
And then there are those people who run "sudo bash". Although they
violate your point 2, they prove part of my point.
Many people interpret complicated or work-intensive interfaces as damage
and work around them. Often the workaround not only neutralizes the
intent of the original interface, it actually makes things worse from
the perspective of the person who tried to impose the interface on them
in the first place.
Have you ever worked at a place where people were required to change
their passwords every month and the new password was not allowed to
match any of the last n passwords? I have seen that and assure you that
it worsens security. People start to put their password as post-it-note
on their monitor. Once you manage to stop the post-it habit, they figure
out that a rotating list of passwords constructed like "secret1,
secret2, secret3..." works fine. If the system notices that passwords
are similar, there's at least some chance one guy knows another guy who
then tells someone in upper management that if the system is able to
find similarities between passwords, they surely are not stored with a
cryptographically secure hash function.
Regards,
Carl-Daniel
More information about the Devel
mailing list