LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-09-2006, 11:43 AM   #16
aysiu
Senior Member
 
Registered: May 2005
Distribution: Ubuntu with IceWM
Posts: 1,776

Rep: Reputation: 86

This question has already been answered on the Ubuntu forums--the same thread posted by fakie_flip
 
Old 08-09-2006, 12:57 PM   #17
Xena
Member
 
Registered: Nov 2005
Posts: 84

Rep: Reputation: 15
Obviously I had to assume a username and password of five characters.

Go ahead and guess the username I'm using on this linux box. It's not what you might think

And I never said anything about remote access... so careful about what you've assumed...
 
Old 08-09-2006, 01:20 PM   #18
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian 9 Stretch
Posts: 2,299
Blog Entries: 8

Rep: Reputation: 368Reputation: 368Reputation: 368Reputation: 368
Why should I have to guess your password? A hacker would be using a dictionary attack.

But since you don't want me to make assumptions, please eliminate the need for them. Explain EXACTLY what circumstances for a hacking attempt you're talking about, where Ubuntu's sudo is supposedly more secure.

Oh--I didn't bother noting it before, but a 5 letter password is simply not sufficiently secure for anything where a brute force attack is possible (regardless of whether it would be guessable via dictionary attack).

In any case, a normal root account with a 10 letter password is more secure than a user account with a 5 letter userid and 5 letter password.

Oh--but there are those ASSUMPTIONS again...so please. Explain precisely what sort of situation you're imagining where Ubuntu's sudo default is more secure than a root account.

At any rate, as far as I'm concerned the proof is in the pudding. The majority of servers on the 'net have normal root accounts, proving every day by example that they can be sufficiently secured.
 
Old 08-09-2006, 02:38 PM   #19
fakie_flip
Senior Member
 
Registered: Feb 2005
Location: San Antonio, Texas
Distribution: Gentoo Hardened using OpenRC not Systemd
Posts: 1,452

Original Poster
Rep: Reputation: 85
Arrow

Quote:
Originally Posted by Emerson
Code:
ubuntu@ubuntu:~$ sudo echo "deb http://kubuntu.org/packages/amarok-latest dapper main" >>
/etc/apt/sources.list
bash: /etc/apt/sources.list: Permission denied
ubuntu@ubuntu:~$
This is how it looks in my browser, the line is broken. Which does not mean it wasn't one line when you wrote it.
No, it's just word wrap.
 
Old 08-09-2006, 02:45 PM   #20
fakie_flip
Senior Member
 
Registered: Feb 2005
Location: San Antonio, Texas
Distribution: Gentoo Hardened using OpenRC not Systemd
Posts: 1,452

Original Poster
Rep: Reputation: 85
Quote:
Originally Posted by Xena
Technically, yes, practically, no.

If I try every combination of aaaaa to zzzzz as passwords, for example, for the user "root" I need to try 11 million times.

If there's no "root" account enabled, then I must try every combination of usernames aaaaa to zzzzz with password aaaaa to zzzzz, which is 11 million times 11 million times, which is rather a lot and probably beyond the patience of all but the most determined.

So, I'd count this as a very good "non-feature"
I have logged into a XUBUNTU box (which is the same thing as Ubuntu except the windows manager is XFCE, not Gnome) as root with ssh. Most Ubuntu boxes allow logging in as root because that's the way Ubuntu comes by default. If not the user is intelligent enough to disable root logins, then someone will have to try 11 million times 11 million or just simply know a user name.
 
Old 08-09-2006, 04:20 PM   #21
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677
I've noticed the same thing on SuSE linux when I tried to add a line to the hosts file. It holds true for redirections from the command line and not just the echo command, but not if you sudo to run a script that contains redirections to a read only directory it works. I'm not certain if there is a reason for it this. But it isn't Ubuntu that is doing it.

Why sudo doesn't allow redirection in interactive shells I don't know. Does this mean that a line like
sudo echo "1" > /proc/net/ipv4/ip_forward
won't work?
 
Old 08-09-2006, 04:35 PM   #22
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian 9 Stretch
Posts: 2,299
Blog Entries: 8

Rep: Reputation: 368Reputation: 368Reputation: 368Reputation: 368
Actually, sudo has no say on how redirection is handled. Redirection is a shell function. The shell, presumably bash, is running as the normal user. So what happens is:

1. bash interprets the arguments, splitting it up into:

a) sudo -- the command to be executed
b) echo -- the first argument to be passed to the command
c) 1 -- the second argument to be passed to the command (note that bash strips the quotes)
d) /proc/net/ipv4/ip_forward -- the name of the file to redirect output to

2. bash attempts to open up "/proc/net/ipv4/ip_forward" with write access. It fails here, but assuming it could have succeeded, then it would continue...

3. bash executes the command "sudo", passing the arguments "echo" and "1". Any output from this command is processed by bash and is written to "/proc/net/ipv4/ip_forward".

4. When the command "sudo" completes, bash closes the output file and produces a command prompt for user input.

When you put this command in a script, it's still bash doing all this work. The difference is that the instance of bash running the script is a new instance of bash being run by the root user.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
alsa work with root or sudo but not user walterbyrd Linux - Hardware 5 10-24-2005 02:53 PM
Running a script as root with sudo without entering the user password kloss Linux - General 8 10-10-2005 12:39 PM
allow sudo for www user to run root shell script cccc *BSD 12 07-23-2005 04:48 PM
adding root permisions to regualr user paul62 Linux - Newbie 6 10-27-2004 02:10 PM
SUDO as *non-root* user spratty Linux - Newbie 3 05-19-2004 04:35 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration