sudo passwords (w/o shipped audit logs) are security theater as one can just shim tty/shell/sudo. Including all desktop machines. Discuss.
-
-
Replying to @FiloSottile
so you're saying i have to `echo "auth sufficient pam_radius_auth.so" | sudo tee -a /etc/pam.d/sudo` with a radius OTP now?!
1 reply 0 retweets 0 likes -
Replying to @prdonahue
or just drop the pretense. There's no priv boundary on desktops. There's no priv boundary between sudoers and root.
1 reply 0 retweets 3 likes -
Replying to @FiloSottile @prdonahue
It might be meaningful if you only log in as root at a VT. Not a useful boundary on a single-user machine though...
2 replies 0 retweets 0 likes -
-
Replying to @FiloSottile @prdonahue
Virtual terminal, i.e. ctrl-alt-f2, which might be intercepted by kernel in a way that can't be blocked (not sure).
1 reply 0 retweets 0 likes -
afaik it's safe - as long as the attacker doesn't have access to *any* real tty
1 reply 0 retweets 0 likes -
Replying to @tehjh @CopperheadOS and
as soon as you have one, you can switch to/from it with ioctl(fd, VT_ACTIVATE, <tty number>)
1 reply 0 retweets 0 likes
(yes, the one you have access to needs to be your controlling terminal. but still.)
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.