Timeline for Any program like `sudo` to gain root by having two users enter a password?
Current License: CC BY-SA 3.0
3 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jun 24, 2011 at 15:48 | comment | added | EightBitTony | One person has to convince one person they're trustworthy and they can abuse access. They either have to convince you (you give them root) or they have to convince the other person who has the other half of the key. In both cases you're screwed, in both cases, they convinced one person to trust them. | |
| Jun 24, 2011 at 14:20 | comment | added | Daniel Böhmer | Well, I understand your opinion but for me a single person is less trustworthy than two persons working together. If a person's probability of hijacking the server is 0<p<1 one could even mathematically proof that binding two accounts decreases overall hijack probability;-) In the extreme case of 5 passwords needed for server with 5 users (k=n) nobody could get access to a root shell without everybody else noticing. A little impractical, sure... ;-) | |
| Jun 24, 2011 at 14:01 | history | answered | EightBitTony | CC BY-SA 3.0 |