Re: Could sudo be an security issue?

To: debian-security@lists.debian.org
Subject: Re: Could sudo be an security issue?
From: Phillip Hofmeister <plhofmei@ip3inc.com>
Date: Fri, 16 May 2003 08:42:50 -0400
Message-id: <20030516124250.GA8596@ip3inc.com>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <87r870e6hx.fsf@perdita.strul.nu>
References: <Pine.LNX.4.53.0305150904530.14598@rave.its.vu.edu.au> <87r870e6hx.fsf@perdita.strul.nu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 15 May 2003 at 02:31:22PM +0200, Torbjorn Pettersson wrote:
> Compare this with a secure, locked down root password in a
> sealed letter in a safe somewhere that only you now what it is,
> but everyone know were to find in an emergency + sudo + a sane
> password aging policy.

Or, assuming all the admins have gpg, encrypt the root password with
everyone's key, and stick it on a common file share.  If it is needed
they will pull it down to their workstation and decrypt it.  Likely to
be more secured against local attacks than a seal envelope.

- -- 
Phillip Hofmeister
Network Administrator/Systems Engineer
IP3 Inc.
http://www.ip3security.com

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
- --
Excuse #222: Telecommunications is downshifting. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+xNzES3Jybf3L5MQRAmsOAJ9/AsFNdc6MrN0YW7vVHUnZ8HMHVACZAVnF
nXu7Re1EAWQzPqIlHjT80Bk=
=Qdem
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Could sudo be an security issue?
  - From: Torbjorn Pettersson <tobbe@strul.nu>

References:
- Could sudo be an security issue?
  - From: Stewart James <stewart.james@vu.edu.au>
- Re: Could sudo be an security issue?
  - From: Torbjorn Pettersson <tobbe@strul.nu>

Prev by Date: Yet anothe r"have i been hacked" alert
Next by Date: Re: Setting up VPN's
Previous by thread: Re: Could sudo be an security issue?
Next by thread: Re: Could sudo be an security issue?
Index(es):
- Date
- Thread