Because sudo elevates the targeted process to run with administrator-level permission, a prompt will open asking you to verify that you want to continue.
So, Microsoft is explicitely not doing the thing I have issues with in Linux’s default sudo implementation.
It asks you for confirmation. It does not ask you for your password.
Because when you’re logged in, the system already knows you know that password and doesn’t need to ask for it again.
As it’s been pointed out in this thread, you can reduce the security of your system by modifying the configuration file and adding the string that makes it perform similarly.
The windows implementation also is able to be used in the exact same configuration as sudo’s more secure default configuration, on most distributions.
Windows doesn’t pick the most secure configuration for a lot of things out of the box.
They’re working on improving the security and balancing against making it useful for those who refuse to learn new practices.
I didn’t see it mentioned, but several Linux distributions are configured exactly as you prefer.
They aren’t typically meant as enterprise implementations when configured like that.
You seem to be ranting that it’s not set to your preferred less secure preferences or that you won’t add a string to a configuration file to reduce the security.
Windows is technically almost as secure though , since the confirmation prompt is displayed on a virtual desktop that even already elevated processes need extra privileges to access… still wont protect against someone else doing stuff on your computer tho
No, I’m ranting that the way Windows does it by default is more secure.
Overusing password prompts when they aren’t actually necessary leads to users choosing fast-to-type passwords.
That’s almost always just 1-2 common words with the first letter capitalized, a special character and a 1 at the end.
Which satisfies almost every org’s PW requirements, while being absolutely useless.
Here another opinion based on a lot of experiences and other experts.
You’re wrong.
Yours is not an opinion that is shared by the community at large.
It’s not a practice used at large enterprises that implement increased security* and remove local administrative access on user systems.
It’s not a practice used in secure computing environments.
It’s not supported by a basic search with the terms “entering sudo password less secure”.
As a point you’ve made that is supported by research, passwords aren’t the best solution.
No solution is perfect, passkeys are an option that are being implemented in a lot of places. You can implement that currently if you have the impetus.
Security is a balancing act.
You’re welcome to disable the password prompt for sudo usage on your systems.
What experience and expertise is grounding your opinion on this matter?
What experience and expertise is grounding your opinion on this matter?
I’m Citrix admin at a newspaper where security is locked down tight.
And I feel like you’re still misunderstanding my point. Of course, enterprises with increased security do not grant users admin rights with the push of an OK button.
They don’t grant them at all.
But the admins at my org authenticate once when they log in (with a password, certificate and second factor).
And they may have to ask for or enable temporarily raised rights for some tasks.
But they do not have to enter their same login password again when they do that. Because there just isn’t an attack vector that this would protect against.
Instead, an entirely different login with different password is used, to harden the system against a successful attacker’s lateral movement.
Everything you described is possible using sudo, when configured as desired.
Everything you’ve described is NOT default configuration in Citrix or Windows. I.e. removing local administrative accounts, domain admin accounts with limited permissions and rotating automatically resetting passwords, etc.
I’ve worked for several enterprises that require UAC password for elevation every time it’s needed as the person with elevated permissions (someone who’s smarter than the average user) isn’t expected to write down their passwords in accessible spaces.
Most enterprises are using third party products to manage the same structure you’ve described.
You’re describing how a lot of enterprises are managing authentication when handled by a person. Not out of the box configuration.
Again, it’s a situation that is customized to the usage scenario. What people have suggested you do with your Linux systems.
As noted previously you can configure sudo as desired by the enterprise.
I actually didn’t know that elevation with UAC is a thing in (Windows) enterprise, and am still unsure what attack vector it protects against.
But I do see that it seems to make sense to people more knowledgable than me now.
I actually didn’t know that elevation with UAC is a thing in (Windows) enterprise, and am still unsure what attack vector it protects against.
There are some paranoid environments, and some feel there is a lot to be paranoid about.
But I do see that it seems to make sense to people more knowledgable than me now.
I’m not claiming to know everything or to be more knowledgeable.
I’m only hoping to persuade you that sudo has benefits, and should be configured for your needs and policies.
Thanks for the great interaction, by the way.
I’m glad we can interact peacefully. I hope you have a great day or night!
So, Microsoft is explicitely not doing the thing I have issues with in Linux’s default sudo implementation.
It asks you for confirmation. It does not ask you for your password.
Because when you’re logged in, the system already knows you know that password and doesn’t need to ask for it again.
As it’s been pointed out in this thread, you can reduce the security of your system by modifying the configuration file and adding the string that makes it perform similarly.
The windows implementation also is able to be used in the exact same configuration as sudo’s more secure default configuration, on most distributions.
Windows doesn’t pick the most secure configuration for a lot of things out of the box.
They’re working on improving the security and balancing against making it useful for those who refuse to learn new practices.
I didn’t see it mentioned, but several Linux distributions are configured exactly as you prefer. They aren’t typically meant as enterprise implementations when configured like that.
You seem to be ranting that it’s not set to your preferred less secure preferences or that you won’t add a string to a configuration file to reduce the security.
It’s your system set it how you like or adapt.
Windows is technically almost as secure though , since the confirmation prompt is displayed on a virtual desktop that even already elevated processes need extra privileges to access… still wont protect against someone else doing stuff on your computer tho
There are methods to use libraries to click that or completely silence it. If a user can escalate so can code that is run in their user space.
One example they claim to be a non issue, in link below. I searched “rce bypass windows uac”… I found lot of discussion on it, even some git repos.
https://www.darkreading.com/vulnerabilities-threats/exploit-chain-windows-uac-bypass
No, I’m ranting that the way Windows does it by default is more secure.
Overusing password prompts when they aren’t actually necessary leads to users choosing fast-to-type passwords.
That’s almost always just 1-2 common words with the first letter capitalized, a special character and a 1 at the end.
Which satisfies almost every org’s PW requirements, while being absolutely useless.
Ok. Thanks for expressing an opinion.
Here another opinion based on a lot of experiences and other experts.
You’re wrong.
Yours is not an opinion that is shared by the community at large.
It’s not a practice used at large enterprises that implement increased security* and remove local administrative access on user systems.
It’s not a practice used in secure computing environments.
It’s not supported by a basic search with the terms “entering sudo password less secure”.
As a point you’ve made that is supported by research, passwords aren’t the best solution.
No solution is perfect, passkeys are an option that are being implemented in a lot of places. You can implement that currently if you have the impetus.
Security is a balancing act. You’re welcome to disable the password prompt for sudo usage on your systems.
What experience and expertise is grounding your opinion on this matter?
I’m Citrix admin at a newspaper where security is locked down tight.
And I feel like you’re still misunderstanding my point. Of course, enterprises with increased security do not grant users admin rights with the push of an OK button.
They don’t grant them at all.
But the admins at my org authenticate once when they log in (with a password, certificate and second factor).
And they may have to ask for or enable temporarily raised rights for some tasks.
But they do not have to enter their same login password again when they do that. Because there just isn’t an attack vector that this would protect against.
Instead, an entirely different login with different password is used, to harden the system against a successful attacker’s lateral movement.
Everything you described is possible using sudo, when configured as desired.
Everything you’ve described is NOT default configuration in Citrix or Windows. I.e. removing local administrative accounts, domain admin accounts with limited permissions and rotating automatically resetting passwords, etc.
I’ve worked for several enterprises that require UAC password for elevation every time it’s needed as the person with elevated permissions (someone who’s smarter than the average user) isn’t expected to write down their passwords in accessible spaces.
Most enterprises are using third party products to manage the same structure you’ve described.
You’re describing how a lot of enterprises are managing authentication when handled by a person. Not out of the box configuration.
Again, it’s a situation that is customized to the usage scenario. What people have suggested you do with your Linux systems.
As noted previously you can configure sudo as desired by the enterprise.
I actually didn’t know that elevation with UAC is a thing in (Windows) enterprise, and am still unsure what attack vector it protects against.
But I do see that it seems to make sense to people more knowledgable than me now.
Thanks for the great interaction, by the way.
There are some paranoid environments, and some feel there is a lot to be paranoid about.
I’m not claiming to know everything or to be more knowledgeable. I’m only hoping to persuade you that sudo has benefits, and should be configured for your needs and policies.
I’m glad we can interact peacefully. I hope you have a great day or night!
Actually, no. I just had an emergency alert in on-call service cause there were 3 failed login attempts on one of our fire-walled hosts. 😂