PlanetLab Creates a More Advanced Sudo

timothy posted more than 3 years ago | from the world-will-beat-a-path-to-your-door dept.

Networking 153

angry tapir writes "Researchers at the PlanetLab global research network have developed a potential replacement for the widely used Unix sudo tool, called Vsys, that will offer administrators far greater control over what end users can and can't access. Vsys is similar to sudo, except it offers finer-grained access to system resources. PlanetLab created Vsys as a way to allow its researchers to access low-level network functionality so they could develop new network technologies — overlay networks, user-level file systems, virtual switches — while their experimental work remained safely isolated from other users."

153 comments

So my one question (4, Funny)

JoshuaZ (1134087) | more than 3 years ago | (#36509022)

Will this mean they'll need to update the xkcd shirts?

Re:PlanetLab Creates a More Advanced Sudo (0)

xeon13 (2268514) | more than 3 years ago | (#36509260)

Re:PlanetLab Creates a More Advanced Sudo (0)

michiko (2270072) | more than 3 years ago | (#36509272)

ummmm .!? yup u can say that.

Re:PlanetLab Creates a More Advanced Sudo (1)

essayservices (2242884) | more than 3 years ago | (#36509294)

---> this is a new technology so people should have to know about that maybe people already know this

Re:PlanetLab Creates a More Advanced Sudo (0)

xeon13 (2268514) | more than 3 years ago | (#36509312)

yup maybe people knows :|

Re:So my one question (1)

SeaFox (739806) | more than 3 years ago | (#36509792)

"Vsys make me a ham and swiss on rye... with dijon, lettuce and tomato. Hold the onion."

Re:So my one question (1)

evanism (600676) | more than 3 years ago | (#36510116)

Sudo, make me a sandwich.

Now: FFFFUUUUUUUUU, make me a sandwich.

Test it... (0)

Anonymous Coward | more than 3 years ago | (#36509026)

Vsys sudo rm -rf /

Re:Test it... (1)

Hylandr (813770) | more than 3 years ago | (#36509214)

# :vsys su -

Password for User : FU

$ :

- Dan.

This won't catch on. (-1)

Anonymous Coward | more than 3 years ago | (#36509036)

After all, "vsys make me a sandwich" just doesn't have the same ring to it.

Better replacement (1, Informative)

Anonymous Coward | more than 3 years ago | (#36509046)

I'd rather use su.

Re:Better replacement (0)

Anonymous Coward | more than 3 years ago | (#36509610)

you dunce

Re:Better replacement (2)

buchner.johannes (1139593) | more than 3 years ago | (#36510582)

Isn't PolicyKit meant to do the fine-control root access?

I don't need more. (1)

drunkennewfiemidget (712572) | more than 3 years ago | (#36509048)

sudo already does everything (and more!) I could possibly need it to.

I'm certainly not against choice, just pointing out that it won't mean much for me.

And as the AC above me has already said; 'vsys make me a sandwich' just doesn't sound right.

Re:I don't need more. (3, Informative)

retchdog (1319261) | more than 3 years ago | (#36509064)

uh, yeah, that's kind of the point... vsys (ideally) won't do "more". it's not intended for users who own/admin their system.

Re:I don't need more. (3, Funny)

cowbud (200323) | more than 3 years ago | (#36509848)

They should have called the command vudo.

Re:I don't need more. (0)

tqk (413719) | more than 3 years ago | (#36510002)

They should have called the command voodoo.

FTFY.

I've never seen the point of sudo. "su -c $blah" should be all anyone needs.

Re:I don't need more. (2)

SigmundFloyd (994648) | more than 3 years ago | (#36510212)

I've never seen the point of sudo. "su -c $blah" should be all anyone needs.

You are missing the whole point of sudo...

Sudo is for letting unprivileged users issue specific administration commands without knowing or entering the root password. Yes, it can also be used as a temporary `su`, but that's not what it's for.

I just hope this new tool comes with better documentation, because I always hated that unsightly sudoers(5) man page with a passion.

Re:I don't need more. (0, Flamebait)

tqk (413719) | more than 3 years ago | (#36510268)

You are missing the whole point of sudo...

Sudo is for letting unprivileged users issue specific administration commands without knowing or entering the root password.

I know what sudo does. That doesn't mean I like it. sudo is "for letting unprivileged users" ignore the existence of root, plain and simple. Bad idea.

Re:I don't need more. (5, Insightful)

SigmundFloyd (994648) | more than 3 years ago | (#36510320)

I know what sudo does.

If you knew what sudo does, you wouldn't have written this:

"su -c $blah" should be all anyone needs.

sudo? why bother (0, Troll)

tomhudson (43916) | more than 3 years ago | (#36509058)

Real users always have a few terminals open as root.

I've used sudo once in my life - and that was on someone else's crapuntu box - "sudo sh."

Silly rabbit, sudo is for kids.

Re:sudo? why bother (2)

Anubis350 (772791) | more than 3 years ago | (#36509080)

When you have multiple admins on a system that can be a recipe for confusion, if nothing else sudo's logging is useful. Being able to restrict your users to be able to do *some* things as root is useful, and being able to allow them to do some things as another user, not necessarily root, is powerful sometimes - I had one project years ago I had to work around an old piece of library software with an utterly arcane user privilege setup. The simplest solution ended up being creating it its own user, where everyone who needed the software ran it as that user (transparently by opening it using a shell script I wrote). sudo is a very useful tool :-)

Re:sudo? why bother (0)

Anonymous Coward | more than 3 years ago | (#36509636)

Unless you know the possibilities that are already there. Kerberos, MAC and multilabel. Even more options available and the MAC framework is extensible.

Re:sudo? why bother (1)

robbak (775424) | more than 3 years ago | (#36509682)

There is always the suid bit, which does that in the system.

If all your required users are in group zarkers, and the user with required permissions is zarker, then:
-rwsr-x--- zarker:zarkers zark
Will do that for you.

# chown zarker:zarkers /usr/local/bin/zark
# chmod u+rws,g+rx-w,o-rwx /usr/local/bin/zark

Re:sudo? why bother (1)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#36510656)

The one serious deficiency (still ages ahead of just handing out the root password to everybody who needs to use su) with sudo is that the restrictions are on the level of what programs the user can run, rather than what they can do.

Given the number of *nix utilities that can be coaxed into functioning enough like a shell to invoke a full one, it is pretty easy to inadvertently assign permission for something that will let the user do anything they feel like...
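Added example, not part of any comment in this thread: a small Python audit of sudoers user specifications for the problem described above, where a rule names a program rather than an action. The sample sudoers text, the user names and the `SPAWN_CAPABLE` set are constructed for illustration, and the parser assumes single-line rules with at most one leading run-as list (no aliases, no continuations).

```python
import os
import re

# Illustrative and deliberately short: programs that can start other programs
# (editors, pagers, interpreters, find). Extend it for your own estate.
SPAWN_CAPABLE = {"vi", "vim", "less", "more", "man", "find", "awk",
                 "perl", "python", "sh", "bash", "su"}

TAGS = re.compile(r"\b(?:NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*")
RUNAS = re.compile(r"^\s*\([^)]*\)\s*")

# Constructed sample; the httpd rule mirrors the narrow kind of grant
# discussed elsewhere in the thread.
SAMPLE_SUDOERS = """\
# constructed sample sudoers
Defaults env_reset
webmaster ALL = (root) /etc/rc.d/httpd reload
junior ALL = (root) /usr/bin/less /var/log/messages
backup ALL = (root) NOPASSWD: /usr/bin/find
deploy ALL = (root) /usr/local/bin/deploy
%wheel ALL = (ALL) ALL
"""


def classify(cmd):
    """Return a finding code for one sudoers command, or None if it looks narrow."""
    if cmd == "ALL":
        return "unrestricted"
    if cmd.startswith("!"):
        return None  # a deny entry grants nothing
    parts = cmd.split()
    prog = os.path.basename(parts[0])
    if prog in SPAWN_CAPABLE:
        return "spawns-programs"
    if len(parts) == 1:
        # With no argument list in the rule, sudo accepts any arguments.
        return "any-arguments"
    if any(ch in " ".join(parts[1:]) for ch in "*?"):
        # Argument wildcards match across word boundaries.
        return "arg-wildcard"
    return None


def audit_sudoers(text):
    """Return [(line_number, user, command, code)] for rules that grant more than they name."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        first = line.split(None, 1)[0]
        if first.startswith("Defaults") or first.endswith("_Alias"):
            continue
        who, _, spec = line.partition("=")
        spec = TAGS.sub("", RUNAS.sub("", spec))
        # Commas inside a command must be escaped in sudoers, so split on bare ones.
        for cmd in re.split(r"(?<!\\),", spec):
            cmd = cmd.strip()
            code = classify(cmd) if cmd else None
            if code:
                findings.append((lineno, who.split()[0], cmd, code))
    return findings


if __name__ == "__main__":
    for lineno, user, cmd, code in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {lineno}: {user}: {cmd!r} -> {code}")
```

Where the platform supports it, the sudoers NOEXEC tag is the usual mitigation for the "spawns-programs" class of finding.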

Re:sudo? why bother (0)

Anonymous Coward | more than 3 years ago | (#36509138)

You pretentious and ignorant fuck pig. You can enable su on Ubuntu too.

Re:sudo? why bother (0)

Anonymous Coward | more than 3 years ago | (#36509152)

People who aren't idiots use sudo for proper logging. You're forgiven though; we were all imbeciles at some point.

Re:sudo? why bother (1)

tqk (413719) | more than 3 years ago | (#36510342)

People who aren't idiots ...

... Only give root privs to those who know how to use them.

*buntu has other ideas/agenda, which may be either good or bad, dependent upon circumstances.

Re:sudo? why bother (1)

thynk (653762) | more than 3 years ago | (#36509464)

$luser@yourbox:sudo su -
Please enter the password for luser:
#passwd

Yeah, that's tough. And the first thing I do on a new Debian based box.

Re:sudo? why bother (-1)

Anonymous Coward | more than 3 years ago | (#36509630)

He never said that it was hard to fix you nigger-jew.

Re:sudo? why bother (0)

Anonymous Coward | more than 3 years ago | (#36509714)

You don't need to do that in Debian though.

Re:sudo? why bother (1)

bcmm (768152) | more than 3 years ago | (#36510256)

I hate to break it to you, but you're an Ubuntu user, not a Debian user.

Most admins ignore sudo's granularity (4, Interesting)

profplump (309017) | more than 3 years ago | (#36509060)

Most admins ignore sudo's existing granularity, so why would they want an even more granular system? I'm not saying this new system has no uses -- clearly it does or no one would have built it -- but it's ridiculous to claim that it's likely to replace sudo in common usage when 75+% of admins have never changed the default sudoers file, let alone wanted even more granular control.

Re:Most admins ignore sudo's granularity (1)

syousef (465911) | more than 3 years ago | (#36509162)

vsys -goawayauditors -noreallyf&#$off ls -l /tmp/pornstash

just hasn't got the same ring to it as

sudo ls -l /tmp/pornstash

Re:Most admins ignore sudo's granularity (2)

Roachie (2180772) | more than 3 years ago | (#36509334)

Yea, I'm not a fan of this already. You can do this here but not there. You can do that but not this over here. I got enough to deal with with the 15 passwords in my long term memory (that are going to expire in 90 days) already.

Stay out of my way and let me work.

Re:Most admins ignore sudo's granularity (3, Insightful)

ChrisMaple (607946) | more than 3 years ago | (#36509488)

If you've ever worked with someone who's productive but untrustworthy, you know that some people need to be precisely limited in their access. I know it's frustrating when I have to ask for permission just to do my job, but it's better than the guy who frequently crashes the servers to do so, or to have an unqualified person adding untested changes to a design.

Re:Most admins ignore sudo's granularity (0)

Anonymous Coward | more than 3 years ago | (#36509436)

Well, I don't know about most admins but I use sudo at work, and at home. In fact everyone uses it in the Fortune 500 company I work at. It's used by developers, admins and the ops. So I guess we're in the 25%, eh? Good to be a cut above the rest, I suppose!

Re:Most admins ignore sudo's granularity (2, Insightful)

Frosty Piss (770223) | more than 3 years ago | (#36509460)

I don't know about most *nix systems admins, but I use root.

I'm not a moron, I am neurotic about copious backups during work, I make the most of my development servers prior to pushing to the production servers, and am not generally susceptible to asking for problem solutions on-line and just assuming the rm -rf * is the solution to my problems (and it doesn't work with Windows...).

Seriously, do most admins really use sudo? I don't believe it.

Indeed there are a number of Linux distros that almost require it. I don't use them.

Re:Most admins ignore sudo's granularity (1)

ArsenneLupin (766289) | more than 3 years ago | (#36510062)

Seriously, do most admins really use sudo? I don't believe it.

Not for themselves. But it might be useful for delegating simple tasks to junior admins (with a properly set up sudoers file, or else the junior will just do as described below...)

Indeed there are a number of Linux distros that almost require it. I don't use them.

You're thinking about Ubuntu, I guess? On Ubuntu, you can do sudo bash, and then it's just the same as if you had done su. And then, you can assign a password to root, with which you then can log in directly as root. No need to shun Ubuntu just because of sudo, that one is ripped out easily.

Re:Most admins ignore sudo's granularity (1)

Nursie (632944) | more than 3 years ago | (#36509566)

75% of admins probably also don't do anything much with SELinux, but some people have a use for it.

I see this as the sudo equivalent - you can let users escalate privileges with this, but only certain privileges. It's an extra tool for those who do need to lock things down at a very granular level, and as such will find a niche.

The likes of you and me at home or on the average (non public-facing) server will probably not care so much.

Re:Most admins ignore sudo's granularity (1)

profplump (309017) | more than 3 years ago | (#36509866)

It's not gonna be used on public-facing systems either. Tools like SELinux are much more appropriate for a "lock down" state with known behavior. This system was designed to grant extra privileges for unpredictable operations, which while similar in construction to SELinux is exactly the opposite application. Just about the only application for such a tool is multi-user systems where high-level privileges are needed by people other than those administrating the machine, which has to be a vanishingly small fraction of UNIX-like systems. And even on such systems the admin will still use sudo to do their own work.

Re:Most admins ignore sudo's granularity (1)

dbIII (701233) | more than 3 years ago | (#36510460)

With good defaults it may work.

SELinux? (1)

Anonymous Coward | more than 3 years ago | (#36509066)

Sounds similar to SELinux's TE and RBAC. But it would be awesome if they're easier to work with.

Re:SELinux? (1)

c0lo (1497653) | more than 3 years ago | (#36509120)

Sounds similar to SELinux's TE and RBAC. But it would be awesome if they're easier to work with.

Hmmm... something tells me that there's more to it, but I'll need to try it to understand more (RBAC is about decomposing the access and defining/assigning rights to elementary resources/operations. VSys seems to come with an element of composition).

TFA

"In contrast to these tools and their variants, the goal of Vsys goes beyond defining ACLs [access control lists] for privileged commands. Vsys is meant to facilitate the composition of existing tools to build isolated operations," the paper states.

Hilarious (3, Interesting)

timeOday (582209) | more than 3 years ago | (#36509090)

Finer grained!

The heaping myriad of security tools and controls is already beyond what anybody can properly utilize, by a huge margin.

Executable configuration? (3, Insightful)

Max Romantschuk (132276) | more than 3 years ago | (#36509092)

With Vsys, administrators can create scripts, called extensions, that can carefully detail which user actions are permissible. Extensions can be written in any programming language. The extensions are executable files.

I'm sure it's flexible, but wouldn't executable configuration be a potential source of programming errors, and thus an additional attack vector? If the extension is done correctly I assume all is well, but how do you make sure it is? Or are you better off using SELinux? (Which isn't user friendly either, but at least paranoid...)

Re:Executable configuration? (3, Insightful)

phantomfive (622387) | more than 3 years ago | (#36509450)

This solves a problem that probably exists nowhere outside PlanetLab: trying to segregate users who are trying to build experimental networks. Now, you might ask, why not just buy a different computer for each experimenter? And indeed that is what I would do, except, these experimenters are trying to experiment on clusters.

So they are trying to segregate the capabilities of various users over many nodes in a cluster, whom they rent time to in a shared system. So there you have it. If you are trying to rent time in a shared cluster to network researchers, this is the tool for you!!

Re:Executable configuration? (0)

Anonymous Coward | more than 3 years ago | (#36509496)

It seems like it could be useful for leasing out time on your pet botnet without risking it being stolen from under you.

Y'know, assuming your botnet is made of *n*x (probably ubuntu) boxen, instead of Windows PCs.

Re:Executable configuration? (1)

phantomfive (622387) | more than 3 years ago | (#36509536)

lol ya, and as a bonus, you can rent time to the owner! Brilliant idea.

Noooo Was: Re:Executable configuration? (0)

Anonymous Coward | more than 3 years ago | (#36509670)

This solves a problem that probably exists nowhere outside PlanetLab: trying to segregate users who are trying to build experimental networks. Now, you might ask, why not just buy a different computer for each experimenter? And indeed that is what I would do, except, these experimenters are trying to experiment on clusters.

So they are trying to segregate the capabilities of various users over many nodes in a cluster, whom they rent time to in a shared system. So there you have it. If you are trying to rent time in a shared cluster to network researchers, this is the tool for you!!

You don't do that. Building experimental networks should be confined to virtual interfaces as long as possible. Just like giving kernel module writers access to a live and shared system. There is no problem handing over virtual networks to other people. There are so many proven methods we really don't need a new program. I think many people should learn what is already possible for years before writing new stuff. Would also help finding regressions in the linux userland. People shouldn't think they are the only ones with a certain problem. They should look how people did it before.

What? (1)

IICV (652597) | more than 3 years ago | (#36509140)

Is it just me, or does the article just sound really confused?

I mean, sudo has little to do with user permissions or anything like that - the mnemonic is "sub user and do". It tries to change the current user to the user specified in the command line (and uses root if none is specified), and executes the command it's given. That's it. That's all it does. It doesn't have anything to do with "fine grained permissions", that sort of thing should be handled at the OS level.

It's not a sudo replacement, it's something that changes the OS security model and probably has some other junk. Even with this thing installed, sudo will still sub user and do.

Re:What? (1)

OverlordQ (264228) | more than 3 years ago | (#36509226)

I mean, sudo has little to do with user permissions or anything like that - the mnemonic is "sub user and do". It tries to change the current user to the user specified in the command line (and uses root if none is specified), and executes the command it's given. That's it. That's all it does. It doesn't have anything to do with "fine grained permissions", that sort of thing should be handled at the OS level.

No, you're the confused one. sudo does that, try man 5 sudoers in your favorite shell

Re:What? (0)

Anonymous Coward | more than 3 years ago | (#36509466)

if the sudoers file is at default settings and user is allowed to sudo, all bets are off, right?

I prefer system that sudo doesn't exist (silly me, but listen ...)

If the user is also sudoer (as default settings), then sudo su - makes me a root (regardless root being disabled, OS X, I'm looking at you *argh*)

so, in a system where sudo is not 'enabled' (single user case), I feel better having 2 separate passwords, root and user, instead of owning the system by sudo... maybe I'm just misinformed...

Re:What? (1)

icebraining (1313345) | more than 3 years ago | (#36510716)

You do realize that you don't need to use the default settings, right? I have a sudo entry for a daemon which only lets it run one specific command. I also have a sudo entry that lets me run Firefox as another user, to avoid having an exploit screw with my $HOME.

Just because you don't like the default settings doesn't mean the tool isn't useful.

Re:What? (0)

Anonymous Coward | more than 3 years ago | (#36509858)

I mean, sudo has little to do with user permissions or anything like that - the mnemonic is "sub user and do".

It's "super user do", actually.

Re:What? (0)

malsbert (456063) | more than 3 years ago | (#36510216)

that would be "switch user and do".

that is; you do not have to switch to root any user will do :)

try; man 8 sudo

A very real use case scenario (1)

simoncpu was here (1601629) | more than 3 years ago | (#36509172)

We need to protect users from buggy install scripts that execute rm -rf /usr.

Re:A very real use case scenario (0)

Anonymous Coward | more than 3 years ago | (#36509280)

Just don't install bumblebee in the first place.

Imitation of Solaris? (3, Informative)

guruevi (827432) | more than 3 years ago | (#36509196)

Solaris (and other RBAC's) allow you to remove root and have very fine-grained controls over who does what and where even in virtual machines (containers). This problem has already been solved before many, many times so I doubt there is a need for yet another system. Even sudo itself allows for very fine grained controls.

Re:Imitation of Solaris? (1)

toejam13 (958243) | more than 3 years ago | (#36509234)

Or of PowerBroker. We use it on our SunOS and Linux boxes at work, and it offers both fine grained delegation of rights as well as advanced logging.

Solaris RBAC (1)

prudhvi (988493) | more than 3 years ago | (#36509246)

I'm not a huge Solaris fan. But, isn't this similar to Solaris RBAC?

Single user system (1)

thatskinnyguy (1129515) | more than 3 years ago | (#36509268)

Not trolling. Just fed up with sudo. For a single user system, why not have the option of just plain not installing it by default? I mean, it's my system. I'm going to perform all root operations on it. Why do I have to be inconvenienced by this annoying application?

Re:Single user system (1)

wikid_one (1056810) | more than 3 years ago | (#36509304)

What distro are you using? Arch Linux doesn't install sudo by default. Every Arch install I've done required me to manually install sudo when it was required (and having it installed makes life a lot easier when using yaourt, so I ended up pretty much always installing it).

Re:Single user system (1)

XFire35 (1519315) | more than 3 years ago | (#36509370)

Yaourt... *shudder*

Re:Single user system (1)

Noughmad (1044096) | more than 3 years ago | (#36510016)

What's wrong with Yaourt, and do you know a better option?

Re:Single user system (1)

profplump (309017) | more than 3 years ago | (#36509892)

Is there something on your system that prevents you from escalating your privileges without sudo? I mean sure, minimal install set is a fine thing, but we're talking about 150k of data in /usr/sbin -- is it really a big problem for you? It seems a little like complaining that you always launch bash as bash proper and never as sh so the filesystem link annoys you and you're looking for a distro that doesn't include /bin/sh.

Also, being able to not set -- or have to remember or change -- a root password can be useful even on single-user systems. As can the ability to run specific programs with root privileges without authentication/etc., perhaps even limiting the arguments given to those programs to help keep their usage safe.

Re:Single user system (0)

Anonymous Coward | more than 3 years ago | (#36510472)

"Why do I have to be inconvenienced by this annoying application?"

It's called security, dumbass. And you have a duty to keep your computer secure if it's connected to other computers.

Why do users need root? (1)

IronSight (1925612) | more than 3 years ago | (#36509302)

If distros/admins adopt it or not is another question altogether. For most, the basic tools of: "su -c 'make install'" or "sudo" do all the needed things. On a well built system, why would the (non-sysadmin) user need root access for anything? Most businesses do not allow non-IT staff to install software or change anything more than the wallpaper. You usually need to make a request to IT to have something special done on your machine anyway. It's generally a good setup that way.

Re:Why do users need root? (1)

ChrisMaple (607946) | more than 3 years ago | (#36509508)

In my electrical engineering career I frequently had to write, compile, and run programs. Although that shouldn't require root, it certainly falls into the category of installing software.

Re:Why do users need root? (0)

Anonymous Coward | more than 3 years ago | (#36509808)

It all depends on what you mean by "installing". In your case, simply putting them into your home directory is enough, and that certainly doesn't require any additional privileges.

Re:Why do users need root? (1)

DarwinSurvivor (1752106) | more than 3 years ago | (#36509642)

On a well built system, why would the (non-sysadmin) user need unrestricted root access for anything?

FTFY. sudo allows you to specify WHAT each user is allowed to do (and even as which other user). A common use is allowing your webmaster to reload or restart apache. With sudo, you can authorize "sudo /etc/rc.d/httpd reload" but deny them from installing software, modifying iptables, etc.

There are also some VERY creative things you can do such as setting up an internal repository (with limited applications/libraries) and allow desktop users to install extra software from it, but not add further repositories. This would allow your desktop users to pick their web browser, text editor (vim, emacs, geany, eclipse, etc) without allowing them to install a web server or something that needs proper securing.

what sudo can't do (1)

Errtu76 (776778) | more than 3 years ago | (#36509322)

is wildcards in usernames. For example, I have multiple users that I have named 'test-user1', 'test-user2', etc. Now if I want to give them sudo access for a certain set of commands, I would either have to create an entry for each user in sudoers, or place them all in a group and put that in the sudoers file. Both are not quite optimal as it requires me to maintain the sudoers file manually (I want it to be dynamic) or maintain a separate group on posix level.

What would be nice is if sudo would allow me to create a test-* entry. Maybe vsys can do that. Although that's the only missing feature of sudo I would actually need. For the rest, sudo suits my needs just fine.

Re:what sudo can't do (1)

aiht (1017790) | more than 3 years ago | (#36509406)

Should be fairly easy to make a script that converts a template sudoers-with-wildcard-usernames into a normal sudoers, with each wildcard line replaced by a set of lines for each matching user.
Of course, that's not dynamic either, but I'm not sure what you mean by dynamic in this scenario anyway.

Re:what sudo can't do (0)

Anonymous Coward | more than 3 years ago | (#36509452)

Just use groups to handle it. I believe usermod handles wildcards.

you've answered yourself (1)

dutchwhizzman (817898) | more than 3 years ago | (#36509540)

Groups should be defined in one place to avoid confusion. /etc/group is the place for that.

You have no idea how annoying it is if you have to admin a box that has had some system admin try and reinvent the wheel and not document it thoroughly. I do consultancy for quite a while and just finding out what people have done while a distro/OS provides proper tools for something, is a large part of dealing with emergencies while production systems are down. It may sound like a sure way to be replaced, but please think of the poor sod replacing you when you've moved on to greener pastures. Either use the tools the way they were intended, or document everything you're doing like you're passing on to a novice.

Re:what sudo can't do (1)

Rennt (582550) | more than 3 years ago | (#36509558)

Easily done. Just make your test users members of a group called "test", then in the sudoers file grant access to "%test" instead of to individual users.

Re:what sudo can't do (1)

profplump (309017) | more than 3 years ago | (#36509922)

He wants to have group-determined-by-name behavior and not from POSIX groups. I'll agree it's "easier" in that you don't have to make/use groups, but it's a terrible conflation of functionality which makes it easy to muck up in a whole variety of ways. Just wait until "Jeremy Testarossa" creates what he thinks is a perfectly reasonable username.

That being said, it would be trivial to setup a script that reads the list of users and builds the membership of related groups (possibly even creating groups) based on the username-embedded group names.
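Added example, not code from any poster here: one way to do the template expansion suggested earlier in this thread while avoiding the name-matching pitfall raised in the comment above, in Python. The template syntax (a glob in the user field), the `SAFE_USER` rule, the account names and the `/usr/local/bin/run-tests` path are assumptions made up for the illustration.

```python
import fnmatch
import re

# Assumed policy: only plain lowercase account names may be written into
# sudoers. Names with whitespace or other unexpected characters would change
# the meaning of the generated line, so they are reported instead of expanded.
SAFE_USER = re.compile(r"[a-z_][a-z0-9_-]*")
GLOB_CHARS = set("*?[")

# Constructed inputs.
ACCOUNTS = ["test-user1", "test-user2", "testarossa", "alice", "test-Bad Name"]
TEMPLATE = (
    "test-* ALL = (root) /usr/local/bin/run-tests\n"
    "%admins ALL = (ALL) ALL\n"
)


def expand_template(template, usernames):
    """Expand rules whose user field is a glob into one rule per matching account.

    Returns (sudoers_text, rejected_names). Lines without a glob in the first
    field (groups, Defaults, aliases, comments) pass through unchanged.
    """
    safe = sorted(n for n in usernames if SAFE_USER.fullmatch(n))
    rejected = [n for n in usernames if not SAFE_USER.fullmatch(n)]
    out = []
    for line in template.splitlines():
        fields = line.split(None, 1)
        if (len(fields) < 2 or fields[0].startswith("#")
                or not GLOB_CHARS & set(fields[0])):
            out.append(line)
            continue
        pattern, rest = fields
        # Case-sensitive match on the whole name: "test-*" needs the hyphen,
        # so an unrelated account such as "testarossa" is not swept in.
        matches = [n for n in safe if fnmatch.fnmatchcase(n, pattern)]
        if not matches:
            out.append(f"# no account matched {pattern}")
        out.extend(f"{name} {rest}" for name in matches)
    return "\n".join(out) + "\n", rejected


if __name__ == "__main__":
    text, rejected = expand_template(TEMPLATE, ACCOUNTS)
    print(text, end="")
    print("rejected:", rejected)
```

Write the result to a scratch file and check it with `visudo -c -f <file>` before installing it.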

Re:what sudo can't do (1)

DarwinSurvivor (1752106) | more than 3 years ago | (#36509596)

If you create a group (testgroup) and add that to the sudoers file, all you need to do is add your new users to that group. It requires no sudoers editing whatsoever.

Re:what sudo can't do (1)

Errtu76 (776778) | more than 3 years ago | (#36509850)

Yes. And to others who have also said this: I did say I'm using that solution now to give permissions to users. What I meant is that wildcards for users in sudoers file would be a nice feature.

Really? (1)

TheRealQuestor (1750940) | more than 3 years ago | (#36509374)

And here all this time I always thought sudo's more advanced replacement was su.

Re:Really? (-1)

Anonymous Coward | more than 3 years ago | (#36510404)

Exactly, although su predates sudo by a few years. I never used sudo because I remember the program having security problems. It makes me laugh when neophytes tell me that I shouldn't be using su, that sudo is the one true way. Sorry, the reason you're using sudo is this: you are not an experienced sys admin. Most of these guys are the sole user and admin on their systems, so much for sudo granularity over the wheel group (oh... right!).

Last time I fucked something up on any system while logged in as root: never! Sure, it could happen... the consequences still wouldn't be severe enough to justify sudo.

Without reading the article... (1)

Tanuki64 (989726) | more than 3 years ago | (#36509428)

...I assume crap. Why? There are plenty of systems to get finer grained rights, e.g. acl. Problem is, most developers or administrators are unable to cope with even the most simple owner/group/other access controls. Make it more flexible and powerful and you get that much more security risks that the advantages by far outweigh the problems.

Re:Without reading the article... (0)

Anonymous Coward | more than 3 years ago | (#36510252)

it actually sounds like they would've benefitted more from virtualboxes.

Sudo + LDAP + Plugins (1)

tanawts (786512) | more than 3 years ago | (#36509454)

I don't see why you cannot properly scale Sudo via LDAP: http://www.gratisoft.us/sudo/man/1.8.1/sudoers.ldap.man.html I also believe some of the functionality described by the article can be achieved via the Plugin API introduced in Sudo 1.8.1: http://www.gratisoft.us/sudo/man/1.8.1/sudo_plugin.man.html

kerndo appdo drvdo rootdo (0)

Anonymous Coward | more than 3 years ago | (#36509470)

One "admin" password for everything is possibly not enough,

What I want is a separate password for the various layers of the System.
e.g
1 to do things to the kernel and above,
2 to stop/start/load/unload/configure driver modules or do operations on drivers
3 to install/remove apps
4 user security for the rest.

So I don't have to give the admin/root password to install an app I just downloaded, or load a potentially flaky new driver

To sum up our responses to this... (1)

fahrbot-bot (874524) | more than 3 years ago | (#36509528)

...yawn.

Testing (1)

dimethylxanthine (946092) | more than 3 years ago | (#36509546)

Now somebody just needs to find the buggy buffers and write a few exploits. Nothing like the 20 year-long beta to get critical OS components to a state where sudo is now in *BSD/Linux.

I like my sudo like I like my salad... (1)

pasv (755179) | more than 3 years ago | (#36509590)

Light (couldn't think of a better one)! It is my understanding that sudo is a setuid binary and that being true makes it one of the most dangerous code bases on a system. The more 'fine-grained' you get the more of an attack surface you expose just by the difference in code size. Sudo has already its share of vulnerabilities with the size that it is. KEEP IT SIMPLE STUPID!

Users vs Programs (2)

Software Geek (1097883) | more than 3 years ago | (#36509658)

The problem with the Unix security model is that it is designed to protect users against other malicious users. It does this by allowing each user to trash his own space, but not anyone else's space. But in modern computing environments, there is usually only one user, and sometimes less, and the challenge is to protect the computer against malicious programs. So, letting every program trash the one user's space isn't really that useful.
Of course the Unix security model can be adapted to protect against malicious programs. But in practice it is so difficult that no one bothers to try.

It appears to me, after a brief scan of TFA, that vsys just provides finer granularity without addressing the fact that the security model is fundamentally broken.

We need a model that makes it natural and easy to run every program in its own sandbox.

Re:Users vs Programs (0)

Anonymous Coward | more than 3 years ago | (#36509810)

That's exactly what selinux does. Of course when every action each program can take needs to be permitted, you end up with a large complex configuration, or you can't even boot the machine. Fortunately modern distributions normally come with selinux configs for the system and the most common applications.

Re:Users vs Programs (1)

profplump (309017) | more than 3 years ago | (#36509948)

It's easy enough to run each program in its own sandbox. It's just that those programs then aren't very useful. I'd frequently like to download files and later open them in something other than my browser. And I'd rather like to be able to print directly from my web browser, rather than downloading files, using whatever external mechanism is allowed to transfer files among the sandboxes, and then opening lpr so I can send those files to my printer.

And as soon as you start poking holes in that system to let programs share disk space or talk to each other via IPC or sockets or whatnot you're in the same mess we have now -- all you really have is disk privileges and memory isolation to keep you safe. Systems like Apple's iOS provide pretty good sandboxing, but they do so at the cost of a lot of functionality that I'm not willing to give up. And even that leaves plenty of potentially exploitable holes.

Now, there are approaches (and this new system actually works along those lines, as does SELinux) that allow you to say things like "user A can write to ~/Downloads and ~/bin from their shell, but user A running program X can only write to ~/Downloads". That's not complete sandboxing, but does provide fine-grained controls to mitigate potential damage. Unfortunately it requires a very detailed profile of what is "normal" behavior for a specific user/program combination, and while that may be worthwhile on an Internet-facing server with no local users it would sure make it hard to do normal work on your self-administered desktop unless you were willing to continuously manage the behavior profiles.

cheese burger? (1)

Phoe6 (705194) | more than 3 years ago | (#36509774)

What? You have a cheese burger now? Fine, Thank you. I am happy with my sandwich. (I see sudo wagging its tail)

su (1)

dexomn (147950) | more than 3 years ago | (#36509920)

su-su-sudIO!

I still log in as root (0)

Anonymous Coward | more than 3 years ago | (#36510146)

Does that make me a bad person?

Oh, it's this time of year again... (1)

Pf0tzenpfritz (1402005) | more than 3 years ago | (#36510436)

What will be next? SCO rises from the approximately twenty times dead and threatens to sue Linux users?

Fine grained? (1)

MichaelSmith (789609) | more than 3 years ago | (#36510440)

People hardly ever use the fine grained security in sudo anyway.

There's no story here...move along. (1)

jacobsm (661831) | more than 3 years ago | (#36510524)

Sounds like RACF (Resource Access Control Facility) for mainframe operating systems (zOS and zVM). It's been around for 40+ years.

Subject to race conditions -- lame (4, Insightful)

plsuh (129598) | more than 3 years ago | (#36510556)

Folks,

Does no one remember 2007? Bob Watson presented a paper on exploiting concurrency to break all kinds of things like systrace back then, complete with example code. Vsys is the same kind of thing -- it has processes executing in an outside space where you can have a race condition and force the parameters to change after the clearance check but before it actually does the work. See:

http://www.watson.org/~robert/2007woot/

--Paul
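The check-then-use gap described in the comment above, shown in its file-path form as an added example (not code from the thread, from the 2007 paper, or from Vsys). The function names, the `request` and `secret` files, and the `repoint` hook that stands in for a concurrent process are all constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
typedef void (*hook_fn)(const char *);

/* Racy: the check and the use each resolve the path by name. */
static int racy_open(const char *path, hook_fn between) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1; /* check */
    if (between) between(path);     /* window a concurrent process can hit */
    return open(path, O_RDONLY);    /* use: resolves the name a second time */
}

/* Hardened: resolve once, refuse symlinks, then check the object actually held. */
static int safe_open(const char *path, hook_fn between) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (between) between(path);     /* renaming now cannot change what fd is */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Constructed stand-in for the concurrent actor: repoint the name at "secret". */
static void repoint(const char *path) {
    if (unlink(path) != 0 || symlink("secret", path) != 0) perror("repoint");
}

static void put(const char *name, const char *text) {
    FILE *f = fopen(name, "w");
    if (f) { fputs(text, f); fclose(f); }
}

/* Returns the first byte the opener delivers: 'p' (public) or 's' (secret). */
static char demo(int (*opener)(const char *, hook_fn)) {
    char dir[] = "/tmp/toctou-XXXXXX", c = '?';
    if (!mkdtemp(dir) || chdir(dir) != 0) return '!';
    put("request", "public"); put("secret", "secret"); /* constructed samples */
    int fd = opener("request", repoint);
    if (fd >= 0) { if (read(fd, &c, 1) != 1) c = '?'; close(fd); }
    return c;
}

int main(void) {
    printf("racy=%c safe=%c\n", demo(racy_open), demo(safe_open));
}
```

The hardened version makes its decision on the descriptor it already holds, so a name change between check and use has nothing left to redirect.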
