Re: [system-tools] Allowing password-less connexions

[Milan Bouchet-Valat <nalimilan club fr>]

> I am a new reader, so I apologize for any really obvious idiocy upon 
> my part.  Is this feature supposed to make it possible to log in as a
> regular user and do password-free sudo commands? or is it intended to 
> make a basic user a defacto root-user (which would do away with the 
> sudoers log entry for whatever the user might do).  I can see some 
> point to the former but wouldn't they both be security holes waiting 
> for exploit?  Personally, I see the effortless admin access of
> Windows to be one of the major flaws of the windows model.  Yes, I can
> see that this is a voluntary change and everybody should be allowed to
> endanger their home pc as much as they like, but why would one wish to
> encourage linux-based bot-nets?
>
> Wolf Halton
> Computer Security and Penetration Testing (2007)
None of both points!

This feature is intended to allow users that an administrator chooses to
skip the password check when logging locally from GDM (graphical login)
or the screensaver. Then, anybody who's already a physical access to the
desktop will be able to get to the account of this user, be him
unpriviledged or admin.

But then a potential attacker cannot go further: even if the user is an
admin, sudo, gksudo and PolicyKit will require him to enter his password
to perform any admin task. This is how this feature is different from
the weak protection that Windows allows. The only thing you can access
with password-less connection is the user files. And this is only
possible on a local approach: remotely, you can still use ssh securely
and without any hole, using your password.


I hope this solves your concerns