Linux – How can an attacker gain root the next time a compromised account does

linux, root, Security, sudo

I was reading Ubuntu's documentation about root/sudo when I came across the following:

  • Isn't sudo less secure than su?

    The basic security model is the same, and therefore these two systems share their primary weaknesses. Any user who uses su or sudo must be considered to be a privileged user. If that user's account is compromised by an attacker, the attacker can also gain root privileges the next time the user does so.

How can an attacker gain root privileges the next time the user does? Assuming sudo is disabled.

Best Answer

Although sudo is commonly used together with the su command, thinking sudo su is the only way to do it is a mistake.

sudo has many options for setting what may be executed by whom (either a user or a group of users) on which host. A fine-grained sudoers file (or LDAP entry, if sudo-ldap is involved) together with the clever mind of a sysadmin can end up in rules which may not compromise system security even if the user account has been compromised.

Let's see a real-world example:

$ sudo -l
User exampleuser may run the following commands on this host:
    (root) /opt/xmldns/gen.sh
    (root) /usr/bin/make -C /root/admin
    (root) /usr/sbin/xm list, /usr/sbin/xm dmesg
    (root) /usr/sbin/zorpctl stop, /usr/sbin/zorpctl start, /usr/sbin/zorpctl status
    (root) /etc/init.d/apache status, /etc/init.d/apache stop, /etc/init.d/apache start
    (root) /usr/local/bin/protodump.sh httpreq
    (root) /usr/sbin/xm console
$ 

If one does not let the user sudo-exec su/bash or another shell, neither directly (sudo su) nor indirectly (letting an editor spawn as root, which could be used to spawn a shell - in this case, as root), sudo is a friend of the system administrator and of users too.

Returning to the question in the topic: if sudo is disabled and su is the only way of becoming root on a system, one would plant a fake su command (for example in ~/.../fakesu) and an alias like alias su='~/.../fakesu' in the rc file of the user's login shell.

In this case a simple su command (raise your hands, who uses /bin/su for invoking it?) would end up calling the fakesu command, which may capture the password.
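An added defensive check for the alias-planting scenario described in the answer (this is example code, not part of the original answer or of any project): it scans a user's login-shell rc files for aliases or shell functions that shadow su or sudo, and lists PATH entries the current user can write to, since a writable directory searched before /bin could hold a fake su just as an alias can. The function names and the set of rc files checked are assumptions.

```shell
#!/bin/sh
# Added example: audit a home directory for su/sudo shadowing. Helper
# names (shadowed_commands, audit_user_rc, writable_path_dirs) are
# hypothetical, chosen for this example.

# shadowed_commands FILE: print every line of FILE that defines an alias or
# a shell function named su or sudo. Exit 0 if any was found, 1 otherwise.
shadowed_commands() {
    grep -nE '^[[:space:]]*(alias[[:space:]]+(su|sudo)=|function[[:space:]]+(su|sudo)([^[:alnum:]_]|$)|(su|sudo)[[:space:]]*\(\))' "$1"
}

# audit_user_rc HOME: check the usual login-shell rc files under HOME
# (assumed list). Exit 0 when nothing shadows su/sudo, 1 when something does;
# the offending lines are printed with their file and line number.
audit_user_rc() {
    _clean=0
    for _f in "$1/.bashrc" "$1/.bash_profile" "$1/.profile" \
              "$1/.bash_aliases" "$1/.zshrc"; do
        [ -f "$_f" ] || continue
        if shadowed_commands "$_f"; then
            echo "suspicious: $_f"
            _clean=1
        fi
    done
    return $_clean
}

# writable_path_dirs: print each PATH entry the current user can write to.
# Such a directory ahead of /bin or /usr/bin lets a fake su win the lookup
# even without an alias, so it deserves the same attention.
writable_path_dirs() {
    printf '%s\n' "$PATH" | tr ':' '\n' | while IFS= read -r _d; do
        [ -n "$_d" ] && [ -w "$_d" ] && printf '%s\n' "$_d"
    done
}

# Typical use: audit_user_rc "$HOME"; writable_path_dirs
```

Run the audit from a login shell that has not yet sourced the rc files (for example via `sh audit.sh`), so the check itself is not affected by an already planted alias.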