- This topic has 5 replies, 3 voices, and was last updated Aug 9-1:28 pm by olsztyn.
-
Posts
-
olsztyn
I am experiencing the following security issues. User is ‘demo’ as default with antiX.
– Following initial root authentication required to run certain system functions such as Gparted, no subsequent root authentication is required to run other such system functions requiring root access. Separate root authentication should be required for each function.
– It appears such system-wide root entitlement persists as authenticated for the remainder of the session, after closing all functions requiring root access.
Update to the second bullet: Root privilege appears to expire after some 5 – 15 minutes.I apologize if this issue was discussed in this forum, I was not able to find it. So my question is:
– Is this an intentional design, which would be a setback to antiX security?
– How can this be corrected? Which setting and where?Any help to correct this will be greatly appreciated.
Thanks and Regards…- This topic was modified 2 years, 9 months ago by olsztyn.
- This topic was modified 2 years, 9 months ago by olsztyn.
- This topic was modified 2 years, 9 months ago by olsztyn.
Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_Parameters
Xecure
It is by design. sudo session usually lasts about 15 minutes. I prefere THAT to having to write the password every time, but if you are concernd about this, you can change it.
This article will help:
https://vitux.com/how-to-change-the-time-limit-for-a-sudo-session/- This reply was modified 2 years, 9 months ago by Xecure.
antiX Live system enthusiast.
General Live Boot Parameters for antiX.It is by design. sudo session usually lasts about 15 minutes. I prefere THAT to having to write the password every time, but if you are concernd about this, you can change it.
Thank you Xecure!
So if I set the timeout to 0 then each time I execute a function requiring root privilege it will require a root authentication regardless which function, as I understand from the article… In such case this will solve my issue. I will test shortly but I trust it should work for me…Just to mention, such default of 15 minutes leaving system in root privilege may be convenient for on-going system administration, but for an average user, who after finalizing his environment seldom needs root anymore, this opens 15 minutes window of ultimate vulnerability for antiX.
Out of curiosity I have checked this issue on two other Linux systems at hand: Intel’s Clear Linux and Pop!_OS Linux and such vulnerability does not exist in either. Both require authentication each time a function requiring root privilege is invoked.Thanks very much for prompt help…
Greatly appreciated.Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_Parameters
anticapitalista
As always there is conflict between security and convenience.
In this case we chose convenience over security.
POP!_OS and Clear Linux probably use policykit authentication (systemd)Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
As always there is conflict between security and convenience.
In this case we chose convenience over security.Yes, indeed…
I am looking at antiX as a user’s system rather than a system dedicated to on-going system administration. Therefore in my case security is important. Thanks to Xecure pointing me to the solution this vulnerability in antiX is closed.
Thanks again Xecure and Best Regards…Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersSudo access does typically hold for a session or at least for a period of time after authentication.
As Xecure mentioned root access holds for 15 minutes, regardless what function. This was also my observation.
Edit: This is quoting masinick’s post, which I do not see anymore…
- This reply was modified 2 years, 9 months ago by olsztyn.
Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_Parameters
- You must be logged in to reply to this topic.
