PlanetLab Creates a More Advanced Sudo 153
angry tapir writes "Researchers at the PlanetLab global research network have developed a potential replacement for the widely used Unix sudo tool, called Vsys, that will offer administrators far greater control over what end users can and can't access. Vsys is similar to sudo, except it offers finer-grained access to system resources. PlanetLab created Vsys as a way to allow its researchers to access low-level network functionality so they could develop new network technologies — overlay networks, user-level file systems, virtual switches — while their experimental work remained safely isolated from other users."
Executable configuration? (Score:4, Insightful)
With Vsys, administrators can create scripts, called extensions, that can carefully detail which user actions are permissible. Extensions can be written in any programming language. The extensions are executable files.
I'm sure it's flexible, but wouldn't executable configuration be a potential source of programming errors, and thus an additional attack vector? If the extension is done correctly I assume all is well, but how do you make sure it is? Or are you better off using SELinux? (Which isn't user friendly either, but at least paranoid...)
Re:Executable configuration? (Score:4, Insightful)
So they are trying to segregate the capabilities of various users over many nodes in a cluster, whom they rent time to in a shared system. So there you have it. If you are trying to rent time in a shared cluster to network researchers, this is the tool for you!!
Re:Most admins ignore sudo's granularity (Score:2, Insightful)
I don't know about most *nix systems admins, but I use root.
I'm not moron, I am neurotic about copious backups during work, I make the most of my development servers prior to pushing to the production servers, and am not generally susceptible to asking for problem solutions on-line and just assuming the rm -rf * is the solution to my problems (and it doesn't work with Windows...).
Seriously, do most admins really use sudo? I don't believe it.
Indeed there are a number of Linux distros that almost require it. I don'r use them.
Re:Most admins ignore sudo's granularity (Score:4, Insightful)
Re:I don't need more. (Score:5, Insightful)
If you knew what sudo does, you wouldn't have written this:
Subject to race conditions -- lame (Score:5, Insightful)
Folks,
Does no one remember 2007? Bob Watson presented a paper on exploiting concurrency to break all kinds of things like systrace back then, complete with example code. Vsys is the same kind of thing -- it has processes executing in an outside space where you can have a race condition and force the parameters to change after the clearance check but before it actually does the work. See:
http://www.watson.org/~robert/2007woot/ [watson.org]
--Paul