shutdown the system from the BSD Subsystem
- Thread starter fddi1
- Start date
I recommend against sudo.
Sudo by default on OS X is very insecure.
Generally sudo should be avoided. There are times when you do need to give sudo access to some user- but *NOT* they way OS X does it (the PB did it better, btw) and you should aleways try to find another way.
For example- if you don't want the webmaster on a system to have root but he needs to be able to restart the webserver, many sys admins give sudo to the webmaster to restart the webserver (since http is port 80 and https is 443, both under 1024- only root can start those services).
A better solution, however, is to edit httpd.conf and change the webserver to run at a port above 1024 so the webmaster can restart it w/o needing sudo.
Then, you port forward port 80 to whatever port its really running at.
Problem solved w/o sudo.
I realize OS X is a desktop OS and not a Server OS, but its good to think security.
If you have ftp'd anything to an admin account on OS X ot telnet'd into an admin account- you have potentially given root access away (ssh and scp are not as bad) because of how Apple implements sudo.
I started another thread on that here- but if you want the fix-
http://24.5.29.77/Linux_Pages/howto/sudo.php
Sudo by default on OS X is very insecure.
Generally sudo should be avoided. There are times when you do need to give sudo access to some user- but *NOT* they way OS X does it (the PB did it better, btw) and you should aleways try to find another way.
For example- if you don't want the webmaster on a system to have root but he needs to be able to restart the webserver, many sys admins give sudo to the webmaster to restart the webserver (since http is port 80 and https is 443, both under 1024- only root can start those services).
A better solution, however, is to edit httpd.conf and change the webserver to run at a port above 1024 so the webmaster can restart it w/o needing sudo.
Then, you port forward port 80 to whatever port its really running at.
Problem solved w/o sudo.
I realize OS X is a desktop OS and not a Server OS, but its good to think security.
If you have ftp'd anything to an admin account on OS X ot telnet'd into an admin account- you have potentially given root access away (ssh and scp are not as bad) because of how Apple implements sudo.
I started another thread on that here- but if you want the fix-
http://24.5.29.77/Linux_Pages/howto/sudo.php
Strobe, I'm sure it would've been more productive (not to mention polite) of you to clarify to the other person that Mac OS X is a "consumer" OS, and as such, Apple had to things a certain way to make it as easy as possible for, ermm, consumers in general.<br>
Wait for OS X Server, and it'll probably have all the security features you'd expect from a Unix system.
Wait for OS X Server, and it'll probably have all the security features you'd expect from a Unix system.
strobe
Puny Member
That's not the issue, his complaint which he has been spreading everywhere he walks is that sudo has a problem.
There is absolutlely no security problem here. Also there is no security features missing. This is the exact kind of FUD I would like to avoid.
admins have sudo access, it's as simple as that. If you don't want a user to have sudo access don't make them an admin.
OS X Server will not change this, there is nothing to change or fix--period!
There is absolutlely no security problem here. Also there is no security features missing. This is the exact kind of FUD I would like to avoid.
admins have sudo access, it's as simple as that. If you don't want a user to have sudo access don't make them an admin.
OS X Server will not change this, there is nothing to change or fix--period!
Having read resedit's linked page on the problems with (and solutions to) apple's OS X consumer sudo implementation, I believe he does raise a point you have not addressed in your commentary.
A simple scenario, given by resedit, could be the following:
A person has a single account on their OS X machine, of necessity with admin access.
That person uses telnet or ftp to connect to that machine.
A hacker (script kiddie, BOFH, whatever) sniffs the login/password used for that connection.
The hacker now has the password to an _admin_ account, and with apple's implementation of sudo, that means root access.
Essentially, sudo asks for an admin password, which this hacker now has. 'su --command=' or reasonable substitution therof, on the other hand, asks for the _root_ password which the hacker still does not know.
This does not seem an unreasonable scenario to me, and I was surprised to see someone with senior status in this forum speaking with the tone you did without addressing the poster's seemingly legitimate concerns.
A simple scenario, given by resedit, could be the following:
A person has a single account on their OS X machine, of necessity with admin access.
That person uses telnet or ftp to connect to that machine.
A hacker (script kiddie, BOFH, whatever) sniffs the login/password used for that connection.
The hacker now has the password to an _admin_ account, and with apple's implementation of sudo, that means root access.
Essentially, sudo asks for an admin password, which this hacker now has. 'su --command=' or reasonable substitution therof, on the other hand, asks for the _root_ password which the hacker still does not know.
This does not seem an unreasonable scenario to me, and I was surprised to see someone with senior status in this forum speaking with the tone you did without addressing the poster's seemingly legitimate concerns.
strobe
Puny Member
His concerns are moronic. An admin has root access, that's all he has to know. If a person creates an FTP server on MacOS using Net Presentz it's exactly the same situation! He can either create a user in users and groups and set the privilages for that user. If he uses the master user to login, it's *exactly* the same! Furthermore this has NOTHING to do with sudo! Admins have root access, it's as simple as that. Yeesh
The main concern I have, which I have brought up many times and resedit has not, is that anonymous users have automatic access to any non-root volumes. This is why I will never create accounts on OS X, they can do whatever they want with my non-root volumes and I have better things to do than chown -R myname //Volumes every time I insert a new disk.
The main concern I have, which I have brought up many times and resedit has not, is that anonymous users have automatic access to any non-root volumes. This is why I will never create accounts on OS X, they can do whatever they want with my non-root volumes and I have better things to do than chown -R myname //Volumes every time I insert a new disk.
Since we're on the topic of security issues with "sudo", point your browser here...
http://www.stepwise.com/Articles/Workbench/2001-05-01.01.html
http://www.stepwise.com/Articles/Workbench/2001-05-01.01.html