[TriLUG] Rant: VISTA OMG PLEASE SHOOT ME

Maarten Lippmann m.w.lippmann at gmail.com
Sun Sep 9 10:08:05 EDT 2007


>>
> Sudo Rocks... you're just behind the times there.

I guess I should have been a bit clearer about my ubuntu sudo issues.
See I have no problem with sudo, if used in a safe way. I don't think
the default ubuntu situation is like that. And this mainly applies to
desktop systems where people don't reconfigure their setup.

First of all, people generally have less safe passwords as the user
than they set up for the root. When typing the root password you kinda
have to think twice. This is one reason why I prefer root to be a
distinct login for a desktop. Added layer of security.

Secondly, if your user account is compromised by, say a brute force
ssh attack, the attacker immediately has root privileges, as the brute
force passwd that worked for the user gets them to root as well.

Also, if you use sudo to configure your wireless, that means that the
first five minutes of all your internet connections anyone that can
get to your user account can get root access -without any need for a
password!-. As sudo in ubuntu turns off password requirement for a few
minutes after being used.

Lastly, and this is more a personal issue: if I need to do a few
administrative tasks in a row, I tend to forget to type sudo, very
annoying.

Of course there are many advantages to sudo, even security wise. You
can't accidentally leave a root terminal open with that for example.

(although adding

TMOUT=60
export PS1="\[\033[1;31m\]\u@\h:[\w] #\[\033[0m\]"

to your .bashrc/.bash_profile in the root dir will automatically exit
all root terminals after 60 secs of inactivity and give the root shell
a distinct red color to remind you you can screw up stuff. So that
counters that argument a little bit)

Another advantage of sudo is that you don't have a single root
password, if multiple admins take care of a system that can be
dangerous.

And thirdly there's sudo activity logging of course, also nice for the
multiple admin situation. Absolutely superior to just a root login
there.

So security pros and cons.
But I was talking about a desktop system, not a server farm, and there
having just sudo and no root, and the sudo password being the same as
the user's one which is the ubuntu default, is a sacrifice in security
that is hard to justify in my opinion.
I just prefer it differently, and these are my reasons. Honestly, I
might be completely wrong about this (ubuntu could have changed this
since my last experience with it), if so feel free to correct me. It's
my opinion based upon my experiences, nothing more. Hell, as you said
I might be behind the times.

> Yeah eschew wireless
> and be like braveheart screaming freeedom while the rest of us enjoy
> 802.11a/b/n .. Or its way more satisfying to install wireless drivers
> etc by copying them manually over sneakernet because you don't have
> network so that your distro can be "pure"...   (the above may contain
> sarcasm)

Avoiding sudo when it's not necessary and using less proprietary
software doesn't mean no wifi. An insane amount of wireless cards are
supported nowadays without having to use ndiswrapper; from atheros to
ralink to prism. My issue is that it's too easy to take the non-free
road with ubuntu, even when free alternatives are right there in the
repository.

In my case I do a 'su-to-root -x wifi-radar' on my xfce startup to
connect to wireless, so I do use a password prompting temporary root
access utility for a gui and don't just edit my interfaces file. I do
consider sudo inappropriate for elevating preferences in this case.

It's all a matter of preference, these were my reasons against
choosing ubuntu. And they are not all that strong, it all doesn't
matter that much.

I wanted to give a shout out to the non-ubuntu/non-fedora xfce desktop
people like me, as ubuntu and fedora were the only two that were named
as vista alternatives in the thread.

m
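
Added example (not part of the original post): a small shell check for the sudo credential-caching window discussed above. It reads sudoers text and reports the global timestamp_timeout setting. The sample sudoers content and the function names are constructed for illustration, and only global "Defaults" lines are considered.

```shell
#!/bin/sh
# Added example: report the effective global timestamp_timeout from sudoers text.

# Constructed sample, not taken from any real system.
SAMPLE_SUDOERS='# /etc/sudoers (constructed sample)
Defaults env_reset
Defaults mail_badpass, timestamp_timeout=15
# Defaults timestamp_timeout=99   <- commented out, must be ignored
Defaults:backup timestamp_timeout=30
%admin ALL=(ALL) ALL
Defaults timestamp_timeout=0'

# Reads sudoers text on stdin; prints the last global timestamp_timeout value
# (later Defaults lines override earlier ones), or "unset" if none sets it.
sudo_cache_minutes() {
    awk '
        $1 == "Defaults" {
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            # A Defaults line may carry several comma-separated options.
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^timestamp_timeout[ \t]*=/) {
                    v = opts[i]
                    sub(/^timestamp_timeout[ \t]*=[ \t]*/, "", v)
                    sub(/[ \t]+$/, "", v)
                    val = v
                }
        }
        END { print (val == "" ? "unset" : val) }
    '
}

# 0 = password on every sudo call, negative = cached credentials never expire.
sudo_cache_verdict() {
    m=$(sudo_cache_minutes)
    case "$m" in
        unset) echo "cached (compiled-in default)" ;;
        0|0.0) echo "prompt every time" ;;
        -*)    echo "never expires" ;;
        *)     echo "cached for $m min" ;;
    esac
}

printf '%s\n' "$SAMPLE_SUDOERS" | sudo_cache_verdict
```

On a real system the input would be the sudoers file and any included files, read as root; a scoped line such as "Defaults:backup" is skipped by this check and needs a separate look.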


