This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Reading what should not!


On Mon, Sep 14, 2009 at 4:29 AM, Angelo Graziosi wrote:
> Larry Hall (Cygwin) wrote:
>>
>> This is new behavior with 1.7 and it's there to mimic what one sees in
>> Linux. ÂI can't reproduce your reported results in Fedora 8. ÂFor me, if I
>> am 'root', I can see the contents of 'foo.txt' just fine with the
>> permissions
>> you have set on it.
>
> I do not know how Fedora works, but on Kubuntu the user created when
> installing the SO is also 'root': one need only to use 'sudo...'.

sudo allows non-root users to run commands as root, or to get shells as root.

> After typing the password it 'remains active' Âfor about 15 minute.

"remains active" meaning that the sudo infrastructure remembers that
you have validated yourself to it already, and don't need to do it
again.

> This mean that
> if I use 'sudo less foo.txt' when that pass. is active I do not need to
> retype it, and, as 'root', I can read that file.

You don't need to retype it because sudo remembers that you've typed
it already, so lets you become root anyway.  You can read the file
because you're root - that has nothing to do with the password.  The
password only affects the steps where you're gaining root privileges,
it has nothing to do with what you can do once you have them.

> But if I open a new shell,
> in which the passwd is not yet 'active', trying 'sudo less...' asks for the
> passwd, which looks right to me.

The sudo password caching can be disabled entirely, enabled per-user,
or enabled per-tty (basically per-shell).  sudo can also be configured
to either require the password of the user or the password of root to
launch commands as root.

> Why 'root' should read, for example, private mails of the other simple users
> of that PC?

As Dave Korn said, because he needs to be able to.

You're confusing the process of *becoming* root with what root can do.
 Becoming root requires a password, of course!  On a system where you
become root using sudo, that password is usually the user's password,
but it can also be root's password, depending on the system's config.
But once you've become root, you can do whatever you want, including
deleting every file and directory on the disk, and no one can stop
you.

To prove that the "password becoming active" is just part of the inner
workings of sudo, you could just try out "sudo -i" to get an
interactive shell as root - you'll see that you can "less" the file
just fine, and will continue to be able to for as long as you stay
logged in as root.

~Matt

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]