[sudo-users] sudo -l semantics
Alec Leamas
leamas.alec at gmail.com
Thu Jan 2 12:33:37 MST 2014
On 2014-01-02 20:04, Shawn McMahon wrote:
> On Thu, Jan 2, 2014 at 1:57 PM, Alec Leamas <leamas.alec at gmail.com> wrote:
>
>> On 2014-01-02 19:37, Shawn McMahon wrote:
>>
>>> The problem is that your use case is an information leakage. It's also a
>>> malicious user's use case, and there's no way to detect whether it was a
>>> good guy doing it or a bad guy, much less an ostensible good guy doing it
>>> for bad reasons.
>>>
>> I just don't see this (that is not to say it isn't there...): What's the
>> difference between prompting for a password or directly return a "You need
>> a password to do this" from an information leak point of view?
>
> If you're prompted for a password, you don't know if you would have been
> allowed to do it or not, unless you type in that password. This ensures
> it's the human user who's asking the question, not some malicious process
> of which he's unaware.
>
> If you're told "you can't do that", then a malicious process can test for
> commands allowed quickly and efficiently, and make further decisions based
> on that information.
>
Yes, if you could apply this for different commands, and get a reply. I
have not suggested this. M y idea is rather about the meta-question:
"Am I allowed to ask?" and get an answer to that one without a prompt.
It would fix my usecase, and I'm to dumb to see the catch...
--alec
More information about the sudo-users
mailing list