|
Grex > Oldcoop > #363: The Temporary Cross Root Incident Item | |
|
| Author |
Message |
| 25 new of 128 responses total. |
cross
|
|
response 75 of 128:
| 
Sep 26 23:44 UTC 2006 |
Oh, okay.
|
arthurp
|
|
response 76 of 128:
|
Oct 1 04:17 UTC 2006 |
I guess I'll preach for a while.
Does everyone remember from math that if a=b and b=c then a=c?
On a UNIX like system such as Grex giving root access for a few seconds
can result in myriad difficult to detect changes to the system. Some of
these could be backdoor access, or data destruction. I must say again
that these things can happen very quickly. Perhaps tiny fractions of a
second.
Among staff it is pretty well known that STeve is particularly expert
and active with regard to security.
Given the above I would expect STeve to react quickly with sufficient
force to *ensure* reduction in security breach to any situation which
seemed to be a breach, and then continue to act to investigate, clarify,
gather evidence, and resolve the situation with coordination with other
staff and the Board.
As a Computer Security Specialist with clients that include Banks,
Universities, accounting firms, and etc I'll tell you that these are the
facts.
Now come my opinions.
STeve was correct with respect to his technical actions. Perhaps he was
a little harsh with some of his words, but knowing what I know about
staff procedures as a former staffer myself, and seeing the wording used
in the discussion I see how in the situation STeve could have taken
things to be 'playing dumb'. Not that I think that was happening, but
that he could have.
With the above foundation about computer security I think that STeve did
things right. That he didn't make any mistakes. And that nearly all
the posts in this and other items amount to political powerplaying to
gather support for a position from people who have little to no
understanding of the details and methods of systems management.
The correct way to handle this would be between the parties concerned.
That list would be: Board; Staff; Cross; Spooked. Any person schooled
in leadership and management knows this. The motion to change the
wording of the relevant policy is a separate issue that rightly belongs
in COOP. Since some people have chosen to step outside normal
management practices and engage in juvenile sympathy gathering I feel I
can no longer keep quiet on this and must explain some of the normal
practices for situations like this so that we might all behave with more
professionalism next time something happens that needs resolving.
Thank you STeve for trying so hard to keep Grex secure from all sorts of
security threats be they real active situations, abstract potential
eventualities, or possible vague incidents.
|
mcnally
|
|
response 77 of 128:
|
Oct 1 04:41 UTC 2006 |
re #76:
> On a UNIX like system such as Grex giving root access for a few
> seconds can result in myriad difficult to detect changes to the
> system. Some of these could be backdoor access, or data destruction.
> I must say again that these things can happen very quickly. Perhaps
> tiny fractions of a second.
By that argument once cross had had root access it was much too
late for STeve's revocation of root access to fix the problem.
Your statement seems to me to be working at cross-purposes (no pun
intended) to your argument.
> Among staff it is pretty well known that STeve is particularly
> expert and active with regard to security.
It is?
Without minimizing STeve's skills or his contributions to Grex,
I'd have to say I'm not aware of any special expertise he has in
this area. He has strongly- held opinions on the subject and has
a considerable body of experience as a professional sysadmin,
but I don't agree that that's the same as "particularly expert."
I've had a rather busy and stressful couple of weeks and can't
recall at the moment if I've previously made my opinion on this
incident clear but in my opinion mic made a relatively minor error
in judgment and STeve acted in a way that I think speaks volumes
about his attitude towards grex and towards other staff members.
While I don't doubt that his intentions were to protect Grex from
what he perceived as a threat, I think his actions demonstrate a
proprietary feeling towards Grex's admin privileges that I'm not
entirely comfortable with.
|
arthurp
|
|
response 78 of 128:
|
Oct 1 05:18 UTC 2006 |
STeve acted in response to an apparent security incident. This requires
immediate and strong response.
Dan et. al. did not. The two situations are completely different and
not interchangeable. What you are saying is that if I gain root somehow
and put my name in group wheel then it is too late for someone to revoke
my new rights as a member of staff.
How can so many people fail to understand the difference between system
administration and security response. Again, system admin is a team
effort and is not time critical. Security response is time critical
beyond the limits of most people's imagination which necessarily makes
it an individual effort.
|
mcnally
|
|
response 79 of 128:
|
Oct 1 05:42 UTC 2006 |
re #78:
> What you are saying is that if I gain root somehow and put my name
> in group wheel then it is too late for someone to revoke my new rights
> as a member of staff.
If I cannot know for certain that your intentions are not malicious
then it is, in fact, too late for someone to effectively re-secure the
system simply by revoking your membership in the staff & wheel groups.
That's one reason I'm kind of puzzled by STeve's reaction. On the one
hand if he didn't believe that mic and cross were out to harm the system
then his approach seems like a ham-handed overreaction. On the other
hand if he did believe that mic and cross were a threat to the system
then the steps he took to "secure" grex after discovering the situation
(which wasn't particularly hidden to begin with) were totally inadequate.
> How can so many people fail to understand the difference between system
> administration and security response. Again, system admin is a team
> effort and is not time critical. Security response is time critical
> beyond the limits of most people's imagination which necessarily makes
> it an individual effort.
I've got an even worse problem -- I can't even understand what it is
you're trying to say above.
You appear to be arguing that in response to a security breach, immediate
action is required to restore the security of the system and that STeve
was therefore correct to act unilaterally without waiting for the board
to sort things out. I don't particularly disagree with that if that's
what you're saying, but frankly what STeve did really doesn't begin to
come close to re-securing a breached system, about the only attackers it
would actually be effective against were people who weren't attacking in
the first place.
|
naftee
|
|
response 80 of 128:
|
Oct 1 06:15 UTC 2006 |
i'm with mike.
re 76 You're acting as if this were a system where the board and staff total
about a hundred different technicians who don't know themselves that well.
GreX just isn't that. It's a community where a lot of the staffers happen
to know each other in person.
|
spooked
|
|
response 81 of 128:
|
Oct 1 13:41 UTC 2006 |
A couple of things, there was no security threat -- any non-moron can see
this.
STeve's response was worse than my actions. It was inappropriate, and
quite frankly rude!
If I or Dan wanted to harm the system, it would have been done long ago.
STeve's actions, and more important, his words - and lack there of - since
the episode have hurt Grex much more than me taking an innocent
initiative.
Just my 2c.
|
other
|
|
response 82 of 128:
|
Oct 1 14:16 UTC 2006 |
I think arthurp is misapplying a legitimate point.
|
cross
|
|
response 83 of 128:
|
Oct 1 20:48 UTC 2006 |
Regarding #82; I agree with Eric. Arthurp's argument doesn't fit this
situation particularly well.
And, with respect to #76; "juvenile sympathy gathering" - are you serious?
|
drew
|
|
response 84 of 128:
|
Oct 2 02:34 UTC 2006 |
I don't know how it is on Grex, but on my Linux system in the
sudoers man page I found a few options that may be of help here.
To wit:
Defaults
--------
mail_always Send mail to the mailto user every time a users runs sudo.
This flag is off by default.
Turn it ON.
mailto Address to send warning and error mail to. The address
should be enclosed in double quotes (") to protect against
sudo interpreting the @ sign. Defaults to root.
This one should be set to a mailing *list*. The list should include
accounts held by all board and staff members on systems *other than
grex*. (I have a bunch of gmail invites if anybody needs some.) And for
good measure, add to the list an account on a machine on the same
network as the grex machine, in the same room, which is otherwise NOT
connected to the internet. (eg, you have to goto the Co-lo building and
sit down at it to login to it.)
logfile Path to the sudo log file (not the syslog log file). Set-
ting a path turns on logging to a file; negating this
option turns it off.
Send this one, also, to another machine, via NFS or similar network
file sharing. Said system will be charged with the task of backing this
file up every 5 seconds or whatever is appropriate, and|or otherwise
keeping it from being deleted or overwritten. (Allow append only.)
In this manner, a user in group wheel can still do anything he likes,
including install back doors, and even stop sudo from keeping such logs.
But by the time he does, if the logs and notices get sent offsystem, the
cat will be out of the bag, and everyone will know who to hold responsible.
Also, just for fun:
lecture This option controls when a short lecture will be printed
along with the password prompt. It has the following pos-
sible values:
never Never lecture the user.
once Only lecture the user the first time they run sudo.
always Always lecture the user.
If no value is specified, a value of once is implied.
Negating the option results in a value of never being used.
The default value is once.
lecture_file
Path to a file containing an alternate sudo lecture that
will be used in place of the standard lecture if the named
file exists.
And one that especially appeals to me:
insults If set, sudo will insult users when they enter an incorrect
password. This flag is off by default.
|
spooked
|
|
response 85 of 128:
|
Oct 2 02:57 UTC 2006 |
I hereby wish to resign, effective immediately, from Grex staff.
There are a few main reasons for my decision:
(1) Good judgement and initiative are discouraged. Autocratic, zealous,
egotistical behaviours are favoured.
(2) Very little good work is done by Grex staff, because of the
repercussions and discentive caused by (1).
(3) Grex (and particularly the one or two staff who spoil staff) are
backward thinking - exaggerating their own personal importance, and
having no vision or passion for a better Grex.
(4) I find the sheep on staff who follow the zealots on staff (because
they have no conviction or vision of their own) pathetic.
I will now remove myself from groups staff and wheel.
|
nharmon
|
|
response 86 of 128:
|
Oct 2 03:02 UTC 2006 |
So who does that leave us with?
|
naftee
|
|
response 87 of 128:
|
Oct 2 03:05 UTC 2006 |
steVE.
This is indeed sad news. It sucks that you've left, spooked.
|
tod
|
|
response 88 of 128:
|
Oct 2 03:21 UTC 2006 |
Thanks for your time, spooked. I appreciate your and Mike's opinions and hope
both of your opinions continue to be voiced.
|
spooked
|
|
response 89 of 128:
|
Oct 2 03:25 UTC 2006 |
Just to leave no doubt about my wording in (1) by zealous (being a zealot)
I mean an extremist, a crank and a bigot (not to be confused with
enthusiastic and positive visionary intent).
|
tod
|
|
response 90 of 128:
|
Oct 2 03:30 UTC 2006 |
I think "discentive" was the clearest one word explanation. In a better
world, the Board of Directors would recognize these gentlemen and give them
a formal thank you up to and including a certificate of participation and
thanks as well as an annual membership at no cost. I don't think I'm out of
line at suggesting this.
|
spooked
|
|
response 91 of 128:
|
Oct 2 03:45 UTC 2006 |
disincentive -- better?
Not sure what you mean in resp:90 Tod.
|
tod
|
|
response 92 of 128:
|
Oct 2 03:55 UTC 2006 |
re #91
Well Mic, I'm referring to the recent events.
|
spooked
|
|
response 93 of 128:
|
Oct 2 06:27 UTC 2006 |
I don't think any money or free bonus should be given.
It should and would be a pleasure working on staff if certain staffers
wouldn't spoil it for everyone - current and wannabes.
|
tod
|
|
response 94 of 128:
|
Oct 2 16:57 UTC 2006 |
re #93
Mic, I think everyone interested in Grex would probably like to see staff
given a bit of recognition after volunteering for a period of time. I
understand its not what motivates a person to be on staff (or I would hope
that wouldn't be the case.)
|
keesan
|
|
response 95 of 128:
|
Oct 2 18:17 UTC 2006 |
Would an apology from a certain staffer help to persuade a couple of other
staffers not to resign?
|
tod
|
|
response 96 of 128:
|
Oct 2 19:07 UTC 2006 |
I think this is the sort of notable situation that requires Board involvement.
|
cross
|
|
response 97 of 128:
|
Oct 2 19:30 UTC 2006 |
Two staff members resigning in a single day. Yeah, something is definitely
rotten in the state of grex.
|
spooked
|
|
response 98 of 128:
|
Oct 3 22:06 UTC 2006 |
I feared an apology would be beyond the man - I said this way back.
It has proven correct.
Again, pompous - managerial smuck.
|
mcnally
|
|
response 99 of 128:
|
Oct 3 23:31 UTC 2006 |
Although I think some things about the way staff works could
be changed to help encourage more participation from other
potential staff members and although I think the recent
incident could have been handled much better, I do not feel
personally offended by anything that happened and would not
be moved to reconsider by an apology when no offense was
offered me. Mic's entitled to feel differently, of course,
and I expect he does -- his situation is totally different..
As for my own reasons -- I promise I'll try to explain them
later, but right now my time is limited by circumstances in
my personal life (which is, itself, one of my major reasons.)
In the meantime I would appreciate it if people would not use
my departure from staff as an extra club to beat up on STeve
because although I disagree with him in some cases about how
the system should be managed (as is only natural -- different
people have different approaches..) my decision is not primarily
motivated by those differences of opinion.
|