On Mon, Mar 1, 2010 at 5:58 PM, David C. Rankin <drankinatty@xxxxxxxxxxxxxxxxxx> wrote: > On 03/01/2010 01:14 PM, Florian Pritz wrote: >> On 03/01/2010 07:58 PM, David C. Rankin wrote: >>> As the comment says, the entry causes pam to implicitly trust members of the >>> wheel group. Eliminating the need to type a 14 char pw 10 times a day is a >>> time-saver. >> >> PAM itself should be pretty secure, but what you are trying to achieve >> isn't. There is a reason behind that password prompt. You don't want >> anyone who gains access to your account (daemons, scripts, ...) to have >> root access right away without ever asking for a password. If you don't >> want to type yours that often use sudo -s. >> > > Ed, Florian, > > Thank you for your insight. I guess I should have also included the fact that > the box in question sits in my home-office and physical security isn't an issue. > Also, there is only one member of the wheel group -- me. > > Thinking through the threat scenario, as long as pam is doing its job and only > allowing members of the wheel group to su without a password, that limits > vulnerability to (1) a pam exploit or (2) privilege escalation by a user to > become a member of the wheel group. I see it as pretty minimal, but I guess a > good compromise is to revert to a password when then machine goes online, but to > enjoy the convenience while I'm setting the box up while it doesn't have any > access from the outside. > > It worries me to think about the possible security implications, but the lazy > side of me sure does like the convenience :p What would worry me is things like JavaScript exploits and worms - things that you download and then run as yourself, whether intentionally or not. A password prompt will block malware like that, but with no password, you just go owned in one step.
