Re: S/Key keyinit(1) authentication (lack thereof) + sudo(1)

[wietse () porcupine org (Wietse Venema)]

If an operator leaves his/her terminal unattended, then a miscreant
can plant any number of trojan horses to gain future root access.

The possibilities for getting future root access are not limited
to skeyinit + sudo. To begin with, any trojan horse will suffice
that captures the operator's plain-text password. Then there are
cron and at, which give the equivalent of operator terminal access.

Therefore, adding a password challenge to skeyinit is not sufficient.
The fix, at least for today's versions of FreeBSD, is for operators
not to leave their terminal unattended.

        Wietse

Frank Tobin:
> Summary: keyinit(1)'s lack of authentication creates severe
>          authentication issues, especially when used in combination
>          with programs such as sudo(1).
>
> Affected Systems: FreeBSD-stable (older?), and other systems that use
>                   S/Key, especially in combination with sudo(1)
>
> Solution Summary: Disable S/Key in favor of OPIE
>                   or patch keyinit(1) to require authentication
>                   or do not use sudo(1)
>
> History:
>
> I brought up this matter a few years ago on freebsd-security
> (http://www.freebsd.org/cgi/getmsg.cgi?fetch=430991+433795+/usr/local/www/db/text/1999/freebsd-security/19990926.freebsd-security),
> with no response, but at the behest of others during a demonstration I
> gave recently, I'm prompted to bring this up again.