bug or feature?

Rick Stevens rstevens at vitalstream.com
Fri Dec 5 22:12:58 UTC 2003


nosp wrote:
> On Fri, 2003-12-05 at 18:19, Jess Anderson wrote:
> 
>>nosp <nosp at xades.com>:
>>
>>>The PAM authentication that allowed you access the first time
>>>is cached for a period of time.
>>
>>I didn't know that and to me it too seems a misfeature, trading
>>a lot of security ...
>>
>>
>>>If you start a second r-c-n job within that time period you
>>>won't get prompted for a password again.
>>
>>... for a small amount of convenience.
> 
> 
> I'm sure that the tradeoff of security for convenience is not to be done
> lightly.  Before I start speculating, does anyone know the real
> motivation for this decision?  I'd like to understand that before making
> up my mind (those who ignore history...).

I think it was something called "laziness".

For my money, it should be a configurable thing:

	1) Only grant root privileges for _this_ job
	2) Only grant root privileges for "n" minutes on THIS virtual
	   terminal
	3) Only grant root privileges for "n" minutes for this parent
	   process (e.g. shell session)

with the default being 1, above.  In all cases, however, once the
controlling session is dead (logout, whatever), revoke root privileges.
This also needs to be stuffed into the signal handler for any signal
that can terminate a process (SIGSEGV, etc.).

That's my opinion and I'm sticking with it! ;-)
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-  You know the old saying--any technology sufficiently advanced is  -
-               indistinguishable from a Perl script                 -
-                                 --Programming Perl, 2nd Edition    -
----------------------------------------------------------------------
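
The three scopes proposed in the message above, sketched as an added example; it is not part of the original post and is not PAM's or any Red Hat tool's code. All class, field and method names are hypothetical, and option 1 is modelled as a grant that is never cached.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:              # hypothetical description of one privileged job
    user: str
    tty: str                # virtual terminal the job was started from
    ppid: int               # parent process, e.g. the shell session
    session: int            # controlling session id

class RootGrantCache:
    """Hypothetical model: scope is 'job' (1), 'tty' (2) or 'parent' (3)."""

    def __init__(self, scope="job", minutes=0, clock=time.monotonic):
        if scope not in ("job", "tty", "parent"):
            raise ValueError(f"unknown scope: {scope}")
        self.scope, self.ttl, self.clock = scope, minutes * 60, clock
        self.grants = {}    # cache key -> (expiry time, controlling session)

    def _key(self, req):
        if self.scope == "tty":
            return (req.user, "tty", req.tty)
        if self.scope == "parent":
            return (req.user, "ppid", req.ppid)
        return None         # scope 'job': the grant is never cached

    def record_auth(self, req):
        """Call after a successful password check."""
        key = self._key(req)
        if key is not None:
            self.grants[key] = (self.clock() + self.ttl, req.session)

    def needs_password(self, req):
        key = self._key(req)
        grant = self.grants.get(key) if key is not None else None
        if grant is None:
            return True
        expiry, session = grant
        if self.clock() >= expiry or session != req.session:
            del self.grants[key]        # expired, or reused from another session
            return True
        return False

    def end_session(self, session):
        """Revoke every grant tied to a controlling session that has ended."""
        self.grants = {k: g for k, g in self.grants.items() if g[1] != session}
```
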




