[sudo-users] sudo -l semantics

Shawn McMahon syberghost at gmail.com
Thu Jan 2 12:04:17 MST 2014

On Thu, Jan 2, 2014 at 1:57 PM, Alec Leamas <leamas.alec at gmail.com> wrote:

> On 2014-01-02 19:37, Shawn McMahon wrote:
>> The problem is that your use case is an information leakage. It's also a
>> malicious user's use case, and there's no way to detect whether it was a
>> good guy doing it or a bad guy, much less an ostensible good guy doing it
>> for bad reasons.
> I just don't see this (that is not to say it isn't there...): What's the
> difference between prompting for a password or directly return a "You need
> a password to do this" from an information leak point of view?

If you're prompted for a password, you don't know if you would have been
allowed to do it or not, unless you type in that password. This ensures
it's the human user who's asking the question, not some malicious process
of which he's unaware.

If you're told "you can't do that", then a malicious process can test for
commands allowed quickly and efficiently, and make further decisions based
on that information.

More information about the sudo-users mailing list