sudo passwords (w/o shipped audit logs) are security theater as one can just shim tty/shell/sudo. Including all desktop machines. Discuss.
-
-
Replying to @FiloSottile
I admit I don't understand what you are saying, though I should
2 replies 0 retweets 5 likes -
Replying to @Kelly_Clowers
If I compromise user alice, I can just watch the tty until Alice types the sudo password, then use it to get root.
4 replies 0 retweets 5 likes -
Replying to @FiloSottile @Kelly_Clowers
This is why I maintain that sudo/su/passwords in general are evil & you should only login as root via pubkey ssh
1 reply 0 retweets 3 likes -
And for local root on desktop/laptop you should only login on console, not su[do] from a another user's xterm.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @FiloSottile
probably, but sometimes I need to copy/paste one way or another :-/
1 reply 0 retweets 0 likes
Replying to @Kelly_Clowers @FiloSottile
You can save the pasted text to a text as one user and read it as the other. Slightly less convenient but...
8:23 PM - 24 Aug 2016
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.