Either I have the right to perform the operation, or I don’t.
If I don’t, ask me for the password of someone who does.
If I do, ask me if I really want to elevate, but don’t make me jump through hoops.
A prompt for my own password is nonsensical at this point.
And it reduces security, cause users choose a simpler password if they have to type it more often.
The prompt for your password is to prevent someone that happens upon your unlocked computer to take it over.
Also I think knowing which commands can be run as superuser by a given user is considered a security issue, hiding that info behind a password prompt should at least help.
You can turn just turn the prompt off by adding NOPASSWD to your account in the sudoers file(s).
When someone has physical access to my unlocked computer, everything is already lost.
Then they have access to all my private files, and the system has to be considered as compromised.
And I know I can turn it off. But the standard that most distros use out of the box asks an already authenticated user to authenticate with the same method again.
Which is a security issue and a usability nightmare. Ideally, you should be prompted for your password so little that you can make it a long passphrase.
yk you can change that in the sudoers file tho right?
you can make it ask for the root user’s password for elevation …
or even make it passwordless but that’s a bad idea
Yes, I know. Everything can be configured differently.
But when the defaults are bad and you have a fleet of VMs to manage instead of just one laptop running Firefox, then it sucks.
Because sudo elevates the targeted process to run with administrator-level permission, a prompt will open asking you to verify that you want to continue.
So, Microsoft is explicitely not doing the thing I have issues with in Linux’s default sudo implementation.
It asks you for confirmation. It does not ask you for your password.
Because when you’re logged in, the system already knows you know that password and doesn’t need to ask for it again.
As it’s been pointed out in this thread, you can reduce the security of your system by modifying the configuration file and adding the string that makes it perform similarly.
The windows implementation also is able to be used in the exact same configuration as sudo’s more secure default configuration, on most distributions.
Windows doesn’t pick the most secure configuration for a lot of things out of the box.
They’re working on improving the security and balancing against making it useful for those who refuse to learn new practices.
I didn’t see it mentioned, but several Linux distributions are configured exactly as you prefer.
They aren’t typically meant as enterprise implementations when configured like that.
You seem to be ranting that it’s not set to your preferred less secure preferences or that you won’t add a string to a configuration file to reduce the security.
Windows is technically almost as secure though , since the confirmation prompt is displayed on a virtual desktop that even already elevated processes need extra privileges to access… still wont protect against someone else doing stuff on your computer tho
No, I’m ranting that the way Windows does it by default is more secure.
Overusing password prompts when they aren’t actually necessary leads to users choosing fast-to-type passwords.
That’s almost always just 1-2 common words with the first letter capitalized, a special character and a 1 at the end.
Which satisfies almost every org’s PW requirements, while being absolutely useless.
to me all sudo features make absolutely sense (except for too loose wildcard handling), also from a security point of view. if you dislike how its ‘default’ settings for your distro are like, change them to your needs or seek a distro that fits your needs. other way is dont use sudo, login as root directly, nothing hinders you (maybe your distros default setup that does not assume root login, then you’ld have to give root a password maybe) or write your own sudo alike security system if you like.
if you dislike security at all, do everything directly as root (also web browsing), put nopasswd foe your user into your sudoers file or go to puppy linux (afair there is only the root user and thus no boundary between user and root) but as soon as you encounter any Problems related to user-was-also-root, you ‘might’ have wanted such features … afterwards then ;-)
simple reasons to let the user input his password before running things with higher privileges:
trigger the user to start the brian activity called ‘thinking’ before beeing allowed to go on.
user uses a webbrowser that could be RCE’d by some webpage to execute a shell then running anything as root on your machine.
Either I have the right to perform the operation, or I don’t.
If I don’t, ask me for the password of someone who does.
If I do, ask me if I really want to elevate, but don’t make me jump through hoops.
A prompt for my own password is nonsensical at this point.
And it reduces security, cause users choose a simpler password if they have to type it more often.
The prompt for your password is to prevent someone that happens upon your unlocked computer to take it over. Also I think knowing which commands can be run as superuser by a given user is considered a security issue, hiding that info behind a password prompt should at least help.
You can turn just turn the prompt off by adding NOPASSWD to your account in the sudoers file(s).
Pro-tip: Don’t turn off the password requirement.
Pro-tip: Don’t use sudo
Always login as root then?
Or, you know, only when you’re doing root things?
When someone has physical access to my unlocked computer, everything is already lost.
Then they have access to all my private files, and the system has to be considered as compromised.
And I know I can turn it off. But the standard that most distros use out of the box asks an already authenticated user to authenticate with the same method again.
Which is a security issue and a usability nightmare. Ideally, you should be prompted for your password so little that you can make it a long passphrase.
yk you can change that in the sudoers file tho right?
you can make it ask for the root user’s password for elevation … or even make it passwordless but that’s a bad idea
Yes, I know. Everything can be configured differently.
But when the defaults are bad and you have a fleet of VMs to manage instead of just one laptop running Firefox, then it sucks.
You might be interested to know, there are tools for managing fleets of hardware and virtual machines.
You seem to think it’s a bad thing. The rest of the industry understands and benefits from it.
Sudo is a useful solution that Microsoft is working to build into Windows.
https://learn.microsoft.com/en-us/windows/sudo/
also, nix :3
So, Microsoft is explicitely not doing the thing I have issues with in Linux’s default sudo implementation.
It asks you for confirmation. It does not ask you for your password.
Because when you’re logged in, the system already knows you know that password and doesn’t need to ask for it again.
As it’s been pointed out in this thread, you can reduce the security of your system by modifying the configuration file and adding the string that makes it perform similarly.
The windows implementation also is able to be used in the exact same configuration as sudo’s more secure default configuration, on most distributions.
Windows doesn’t pick the most secure configuration for a lot of things out of the box.
They’re working on improving the security and balancing against making it useful for those who refuse to learn new practices.
I didn’t see it mentioned, but several Linux distributions are configured exactly as you prefer. They aren’t typically meant as enterprise implementations when configured like that.
You seem to be ranting that it’s not set to your preferred less secure preferences or that you won’t add a string to a configuration file to reduce the security.
It’s your system set it how you like or adapt.
Windows is technically almost as secure though , since the confirmation prompt is displayed on a virtual desktop that even already elevated processes need extra privileges to access… still wont protect against someone else doing stuff on your computer tho
No, I’m ranting that the way Windows does it by default is more secure.
Overusing password prompts when they aren’t actually necessary leads to users choosing fast-to-type passwords.
That’s almost always just 1-2 common words with the first letter capitalized, a special character and a 1 at the end.
Which satisfies almost every org’s PW requirements, while being absolutely useless.
to me all sudo features make absolutely sense (except for too loose wildcard handling), also from a security point of view. if you dislike how its ‘default’ settings for your distro are like, change them to your needs or seek a distro that fits your needs. other way is dont use sudo, login as root directly, nothing hinders you (maybe your distros default setup that does not assume root login, then you’ld have to give root a password maybe) or write your own sudo alike security system if you like.
if you dislike security at all, do everything directly as root (also web browsing), put nopasswd foe your user into your sudoers file or go to puppy linux (afair there is only the root user and thus no boundary between user and root) but as soon as you encounter any Problems related to user-was-also-root, you ‘might’ have wanted such features … afterwards then ;-)
simple reasons to let the user input his password before running things with higher privileges: