Linked by Thom Holwerda on Wed 31st Mar 2010 14:41 UTC
Windows As geeks, we're well aware of the importance of running as a normal user instead of as root (UNIX/Linux/BSD) or administrator (Windows). However, while this should be common knowledge to anyone reading OSNews, it's often hard to illustrate just how important it is - until now, that is. A report by BeyondTrust looked at how many security bulletins issused by Microsoft are mitigated by simply... Not running as administrator.
Thread beginning with comment 416254
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Not entirely...
by google_ninja on Wed 31st Mar 2010 18:03 UTC in reply to "Not entirely..."
google_ninja
Member since:
2006-02-05

It is the problem though, if you give someone broad sudo priviledges, all it takes is a sudo bug and you effectively have full control. If you do not run as the user with full privileges, it takes a lot more effort. With linux its a fairly moot point though, because the people interested in hacking it are only targeting environments that would never run that way.

Exact same principal for windows. First windows user is in the "administrators" group, but they still need to go through a dialog for something to execute with admin rights. Proper way to do it is not run daily stuff under an admin account, and run things as the admin account as needed.

The problem is that people are so irritated with having to hit "Ok" to run something as admin, they would be even MORE irritated if it required a username/password.

Reply Parent Score: 2

RE[2]: Not entirely...
by TemporalBeing on Wed 31st Mar 2010 21:54 in reply to "RE: Not entirely..."
TemporalBeing Member since:
2007-08-22

It is the problem though, if you give someone broad sudo priviledges, all it takes is a sudo bug and you effectively have full control. If you do not run as the user with full privileges, it takes a lot more effort. With linux its a fairly moot point though, because the people interested in hacking it are only targeting environments that would never run that way.


Users must be part of the 'wheel' group AND be added to /etc/sudousers in order to have access to sudo. Additionally, to use sudo you have to enter your own password. It's not specifically allowed. Once you use it successfully it will let you continue issuing additional commands via more calls to sudo without a password but only for a given amount of time between calls.

'su' doesn't require any group - just that you know the password for that user, root or otherwise.

Exact same principal for windows. First windows user is in the "administrators" group, but they still need to go through a dialog for something to execute with admin rights.


Not quite.

On Linux/Unix there is typically only one administrator user - root. Rarely do you ever add another user to the 'root' group. Instead, you give people the privilege to switch user to the root user using su or sudo. See above.

On Windows you actually add users to the Administrators group. To properly do it the UNIX/Linux way you would not do that, but use the 'runas' command instead. It can be successfully done - I've done it before - but it is a major PITA as Windows is not designed to work that way.

Proper way to do it is not run daily stuff under an admin account, and run things as the admin account as needed.


Under UNIX/Linux, this is how all software is designed to run.

However, Microsoft has historically contributed to pushing for users to need Admin rights in order to use their daily software. Until Office 2002/2003, Office required Admin rights to run. Only recently (VS2005/2008/2010?, not sure which) did Visual Studios drop the requirement for developers to need admin rights in order to debug software.

It's not that administrators did not want to force people to not have admin rights to use their computer. It's that the software available for Windows - even software from Microsoft - required it!

The problem is that people are so irritated with having to hit "Ok" to run something as admin, they would be even MORE irritated if it required a username/password.


It's only a problem so long as software is designed to require admin rights to function.

Vista and Win7 are making a big show of it. You don't see so many issues now with it because either the vendors got smart and updated their software to not need it (which has happened), or (where that was not possible, or available yet to the user) people turned it off; and with Win7 the default level was toned down.

Reply Parent Score: 3

RE[3]: Not entirely...
by strcpy on Thu 1st Apr 2010 04:49 in reply to "RE[2]: Not entirely..."
strcpy Member since:
2009-05-20


'su' doesn't require any group - just that you know the password for that user, root or otherwise.


I don't know which Unix you refer to (probably some weird GNU variant), but this is just plain wrong.


It's only a problem so long as software is designed to require admin rights to function.


My own take on this is that things in Ubuntu (the most popular one, but not the single one, of course) are not that better: a single user is automatically put into the root position. The only thing she needs to do is enter her own password.

It is the same kind of click-click-click -solution than in Windows, downplaying the Unix tradition. But instead of clicking, you type the password. And since we all know how wonderful the concept of password is among the general public ("password123" works in Ubuntu as well as in Facebook and my bank!), it is trivial to exploit.

Edited 2010-04-01 04:51 UTC

Reply Parent Score: 3

RE[3]: Not entirely...
by Flatland_Spider on Thu 1st Apr 2010 12:58 in reply to "RE[2]: Not entirely..."
Flatland_Spider Member since:
2006-09-01

Users must be part of the 'wheel' group AND be added to /etc/sudousers in order to have access to sudo. Additionally, to use sudo you have to enter your own password. It's not specifically allowed. Once you use it successfully it will let you continue issuing additional commands via more calls to sudo without a password but only for a given amount of time between calls.


You don't have to be part of the wheel group to use sudo; you just have to be in the sudousers file. The bulk of my experience is with FreeBSD, Fedora, and RHEL/CentOS, so this could be different, but I don't think it is.

Sudo asking for my password has always bugged me. If it really wanted to secure the system, it should have the ability to use a third password separate from the user or root. I've looked into this before, and I remember this is something sudo was never designed to do. This really should be fixed.

'su' doesn't require any group - just that you know the password for that user, root or otherwise.


I never thought about this, but that's true on Linux.

On FreeBSD, the users need to be part of wheel to su to root, they can still su to other users without additional permissions, but normal users don't have su permissions when first created.

Linux might want to tighten that up.

Reply Parent Score: 2