SUMMARY : sudo program

From: Steve Belcher (bcstec!esprit!steveb@uunet.uu.net)
Date: Wed Jul 10 1991 - 15:51:45 CDT


Original question

We are considering using 'sudo' in a production environment. We are especially concerned about security and the pitfalls of using this program. So, I would like to hear about problems Sun administrators have encountered using 'sudo'.

Brief description

'Sudo' is a program that grants trusted users access to certain root operations without having to give them the root password. The 'sudo' code is provided in the book "UNIX System Administration Handbook" by Evi Nemeth, Garth Snyder, and Scott Seebass, Pr
intice-Hall, 1989, ISBN 0-13-933441-6. If you are a UNIX system administrator, you need this book.

Summary of responses

People who have been using 'sudo' haven't experienced serious problems with the program. However, it shouldn't be used as it appears in the book. Anonymous ftp sites have a later version that fixes security bugs.

Other people have modified 'sudo' either to fix security bugs or add different features. Another person is in the process of writing a sudo-like program that should be available in the near future. Also, as I was sorting through the responses, a new sudo-
like program came across the net. It's called "Op: A Flexible Tool for Restricted Superusers Access" by Tom Christiansen. It looks like a good alternative to 'sudo'.

Here is a list of some of the complaints I received about 'sudo':

1) logging should be done via syslog

2) its parsing of the authorization file is more for those who want
   to learn about C. Using string functions is better.

3) the authorization file should be a NIS map and specify on what
   machines the commands apply.

4) it could do more rigorous argument checking

Here is a list of warnings to consider if you decide to use 'sudo':

1) have your resident security expert go over the program and plug up
   any possible security holes.

2) only allow trusted users access to 'sudo'

3) don't allow csh, sh, (any shell), su to be used with 'sudo'

4) put 'sudo' in a restricted directory and not in a normal search path.

5) make 'sudo' executable only to a certain group

6) check the access log daily
   
Disclaimer

This is not a recommendation for or against 'sudo' or sudo-like programs.

Thanks to all of the people who took time to respond to my inquiry.

Steve Belcher Internet: steveb@dingo.ca.boeing.com
Boeing Computer Services UUCP: ...!uunet!bcstec!dingo!steveb
P.O. Box 24346, MS 6R-58 Phone: (206) 234-5126
Seattle, WA 98124



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:21 CDT