Ignoramus10392
> On 2008-04-07, Todd H.
>> Ignoramus10392
>>
>>>> You did not understand him. Disallow root logins. Then you can get in as
>>>> yourself and then su or sudo to root.
>>>
>>> automatically from a script?
>>
>> That's an orthogonal question to the whole ssh discussion if your
>> script is executing on the local box.
>>
>> If you need to remotely do things on another box logging in as root
>> with ssh and avoiding any password entry, doing public key auth to a
>> role account (e.g. myscriptrunner as an account name) and then
>> configuring sudo to allow the user myscriptrunner to run whatever
>> command you need without entering the root password in /etc/sudoers is
>> the way to go. Then as myscriptrunner the script would invoke sudo
>> /usr/bin/whatever to run as root.
>
> Yes, I need to do it remotely. What I do is I first update the zone
> files with cvs update (as regular user), and then I sighup the
> nameserver as root.
>
> I think that your idea is good, however:
>
> The problem is that, even without root logon, hacking my personal
> account means inevitable root access, because root runs my scripts. So
> the value of isolating those root commands, is very limited.

If your account is only NOPASSWD enabled to run your specific scripts
(and there's nothing keeping that HUPping of the nameserver from being
put into a one line script owned and writeable only by root), your
scripts are written decently, and "your" scripts are ACL'd to not be
modifiable by your user account (e.g. owned by and writable by root,
not writeable by group or other), you've at least contained what they
can do as root with your compromised user account.

Well, assuming there aren't unpatched local privilege escalation
issues on your system, or loose file permissions elsewhere that'd lead
to an escalation. In which case the compromise of any local user
account is game over.

Best Regards,
--
Todd H.
http://www.toddh.net/
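
An added example, not part of the original post: a small audit of the conditions described in the reply above, checking that a script a role account may run through NOPASSWD sudo is owned by root and not writable by group or other, and that the same holds for every directory above it (a writable parent directory lets the script be replaced). The script path `/usr/local/sbin/hup-named` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed sudoers entry (hypothetical script path; the account
# name is the one used in the post):
#   myscriptrunner ALL=(root) NOPASSWD: /usr/local/sbin/hup-named

# path_locked UID PATH
# Succeeds only if PATH is owned by UID and not writable by group or other.
path_locked() {
    want_uid=$1; p=$2
    # "ls -ldn" prints: <mode> <links> <uid> <gid> ... with numeric ids.
    info=$(ls -ldn -- "$p" 2>/dev/null) || { echo "FAIL missing: $p"; return 1; }
    set -f; set -- $info; set +f          # split fields without globbing
    [ $# -ge 3 ] || { echo "FAIL unreadable: $p"; return 1; }
    mode=$1; uid=$3
    [ "$uid" = "$want_uid" ] || { echo "FAIL owner uid=$uid: $p"; return 1; }
    case $mode in
        # 6th character is group write, 9th is other write
        ?????w*|????????w*) echo "FAIL group/other writable ($mode): $p"; return 1 ;;
    esac
    return 0
}

# audit_sudo_target UID FILE [STOP_DIR]
# Checks FILE and each parent directory up to STOP_DIR (default /).
audit_sudo_target() {
    a_uid=$1; cur=$2; stop=${3:-/}; rc=0
    case $cur in /*) ;; *) echo "FAIL not an absolute path: $cur"; return 2 ;; esac
    while :; do
        path_locked "$a_uid" "$cur" || rc=1
        if [ "$cur" = "$stop" ] || [ "$cur" = "/" ]; then break; fi
        cur=$(dirname "$cur")
    done
    return $rc
}

# Stand-alone use: sh audit.sh /usr/local/sbin/hup-named  (expects root, uid 0)
if [ $# -ge 1 ]; then
    audit_sudo_target 0 "$1" && echo "OK: $1"
fi
```

A clean result only covers the file permission side; it says nothing about what the script itself does with its arguments or environment when run as root.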