On Mon, Mar 1, 2010 at 5:58 PM, David C. Rankin <drankinatty@suddenlinkmail.com> wrote:
On 03/01/2010 01:14 PM, Florian Pritz wrote:
On 03/01/2010 07:58 PM, David C. Rankin wrote:
As the comment says, the entry causes pam to implicitly trust members of the wheel group. Eliminating the need to type a 14 char pw 10 times a day is a time-saver.
PAM itself should be pretty secure, but what you are trying to achieve isn't. There is a reason behind that password prompt. You don't want anyone who gains access to your account (daemons, scripts, ...) to have root access right away without ever asking for a password. If you don't want to type yours that often use sudo -s.
Ed, Florian,
Thank you for your insight. I guess I should have also included the fact that the box in question sits in my home-office and physical security isn't an issue. Also, there is only one member of the wheel group -- me.
Thinking through the threat scenario, as long as pam is doing its job and only allowing members of the wheel group to su without a password, that limits vulnerability to (1) a pam exploit or (2) privilege escalation by a user to become a member of the wheel group. I see it as pretty minimal, but I guess a good compromise is to revert to a password when then machine goes online, but to enjoy the convenience while I'm setting the box up while it doesn't have any access from the outside.
It worries me to think about the possible security implications, but the lazy side of me sure does like the convenience :p
What would worry me is things like JavaScript exploits and worms - things that you download and then run as yourself, whether intentionally or not. A password prompt will block malware like that, but with no password, you just go owned in one step.