There’s a fine line between empowerment and impotence in Unix. Is that why it sounds like eunuchs?
I accidentally revoked my power to run the sudo command. Yeah, it was a dumb thing to do. With godlike power comes great responsibility, and there I was like some half-wit sticking a fork in an electrical outlet. I realize the need to be careful as root in Unix systems, and in the case of Ubuntu when running sudo, but still: oops.
Maybe I was lured to incaution by the rapid typing of commands while trying to get something working, in this case: TrueCrypt. I had set the SUID bit on it with sudo chmod u+s /usr/bin/truecrypt so that a regular user could run the program, but I was concerned about security issues.
I find that in both Windows and GNU/Linux, people are quick to suggest and try things that make the systems less secure in order to get things working. Or maybe it’s that Windows starts weak by default in order to make it more “user friendly,” and free software enthusiasts who sneer at the vulnerabilities in Windows are often quick to throw out the hard stuff for convenience anyway. In either case, I don’t want to get in the habit of sacrificing security for the first workaround or kludge that makes something work as desired.
As I start learning about setuid and setgid, I’m leery of latching on to them too quickly. In the case of TrueCrypt, a little poking around revealed that it had a SUID vulnerability in a recent release. It was fixed, but it reinforced my concerns. Better to avoid that avenue of attack altogether if possible.
I was reminded while searching around that sudo can be used instead to limit rights for a program more specifically, which led to looking at the sudo executable and the sudoers file and so on. After getting sudo thoroughly on the brain, I went to change permissions for truecrypt back to the default 755, but typed sudo chmod 755 /usr/bin/sudo.
It took a few moments and follow-up commands for it to sink in what I had done. The great depths of stupidity to which I had suddenly plummeted. It’s kind of like a car accident or slipping and falling on ice and breaking a leg. One moment you’re going about your day with thoughts of more pleasant things to come, and the next, you’re hosed. One mistake, one mix-up, and now you have something for which you’re going to have to suffer the consequences for awhile.
Fortunately, it turned out to be more like locking my keys in the car and having my own Slim Jim at hand.
But for a couple of minutes there was an almost delicious sense of regret and fear. I’m starting to find my way around the labyrinth, but I’m not especially confident about my ability to avoid the minotaur. I know he’s in there, waiting to devour careless seekers like myself. No matter how much I willed it to be so, there was no way I could undo the mistake and change the permissions back. I tried su and was presented with a password prompt, but never having set a root password, it was hopeless. That one file is kind of important for administering the system.
Getting to the exciting conclusion of this misadventure, I searched for [ubuntu sudo permissions] and the first result, Troubleshooting Sudo, had this promising Google excerpt: “How can I edit the /etc/group file if I don’t have sudo permissions?” My problem was easier than the one covered there, but I learned how to get in to recovery mode at startup time, and from there it was simple to fix the sudo file permissions as root. Phew! What a relief.
It was disturbing to me that it was so easy to get in to the system as root, with no password required. I’ve heard that there are plenty of ways to compromise a system if you have physical access to the box, even if the root password is set, but it goes against my comfort zone so I set the root password. I’ve seen warnings about enabling the root account, but so far so good. I don’t see what the problem of having a password on there could be. Maybe someone can enlighten me?
A final note: the Ubuntu project has a nice page about its use of sudo and associated pros and cons.
7 Comments
“I don’t see what the problem of having a password on there could be. Maybe someone can enlighten me?”
Not being an Ubuntu user, I can’t really speak to that particular platform, but having administered plenty of Unix and Linux systems that prompt for the root password when booting single user mode, I can tell you it’s completely pointless to do so. Why prompt for the root password when it’s so easy to boot from the installation CD, mount the root filesystem and type “vi /etc/shadow”?
If you’re thinking that certain operating systems out of Redmond have an advantage here, you’d be wrong. There are some nice bootable CD’s out there, based on Linux of course, that allow you to remove the administrator’s password from the SAM database.
No physical security means no security at all — unless you encrypt the filesystems. Funnily enough, that’s just what plenty of folks are doing with their laptop computers.
21 February 2007 at 4:28 pm
Hi, Mario. I don’t think I’d say it’s completely pointless. Maybe there’s the situation where your kid or kid’s friend manages to start the machine in single user mode but doesn’t know any workarounds. They’re just goofing around. You might prevent some mischief that way. I realize it’s not going to do that much for you, but is there some reason it would actually make things *worse* to have the password?
(And no, I wouldn’t expect any greater level of security for Windows.) :-)
Thanks for stopping by and commenting.
21 February 2007 at 8:14 pm
It makes matters worse when you have a system that needs to have fsck run manually and you don’t have the install disk handy in the server room. You don’t want to be staring at a prompt for root when 300,000 users are bombarding the help desk with demands for their email.
As for keeping the kids out – they’re surprisingly crafty. If they know how to get the system into single user mode, chances are they know what they’re doing and the only way to stop them is with a good dose of crypto.
In my opinion, the prompt for root at single user boot is just an annoyance.
22 February 2007 at 8:39 am
There are a million and one ways to get into your computer from behind the keyboard. If you have a password, they can run single user. If you have a password for that too, they can use a boot disk. If you have cdrom boot disabled and your bios locked, they can use a backdoor bios password, or remove the battery. If you have your drive encrypted, they can install a keylogger in your keyboard and get all of your passwords.
Mario said: “As for keeping the kids out – they’re surprisingly crafty. If they know how to get the system into single user mode, chances are they know what they’re doing and the only way to stop them is with a good dose of crypto.”
Not every problem needs advanced techniques like passwords and cryptography. Sometimes, the best solution is a good ol’ fashioned spanking. Keep it simple.
25 February 2007 at 6:00 pm
Well. Thanks, guys, for feeding my already well-developed sense of paranoia. :-)
I hear what you’re saying, but I still lean towards the password for the same reason I lock my front door. Even if there are many ways to defeat it, it makes me feel a little bit better. (Even if it’s only illusory or a placebo.)
Keyloggers are a nasty specter, whether from physical access or otherwise. For physical access, I’m more concerned about the simple theft of one of my computers than somebody sneaking in a keylogger, in which case crypto should be sufficient to prevent the thief from getting at the encrypted files.
25 February 2007 at 9:32 pm
I guess the guy that suggest kids to be spanked instead of using cryptography is a pervert. Yes, there are perverts who get off spanking kids, so watch out. Those people hide behind a curtain of conservatism and self-righteousness but at the end their impulses cannot be denied.
So, WK1, why don’t you keep things simple and TALK to your kids? Imagine a world in which IT security was achieved by means of violence. We’d live in a permanent state of war.
Use cryto and leave the kids’ butt alone.
3 September 2007 at 12:07 pm
Hi, Kevin. Please watch the personal attacks — I think that is quite an unfounded and uncalled-for accusation.
A discussion on the merits of spanking as a method of child discipline would be fine (even if off topic), but are you suggesting that everyone who advocates it is a pervert?
Maybe you didn’t mean to state it so harshly, but really, what did WK1 say to deserve that? I’m tempted to delete part of your comment–and still may do so–but I’d prefer to keep the censorship to a minimum.
I welcome your participation, but let’s keep it civilized. It’s unacceptable to make charges so carelessly.
3 September 2007 at 2:46 pm