|
|
|
|
|
|
by LukeShu
3547 days ago
|
|
|
Sure, giving the password to an application is a mess. Because if the application is compromised, the attacker now has the application's sudo password (ie, the vuls user's password, not the root password), and that's a bad deal. But just having it NOPASSWORD wide open is strictly worse. A knee-jerk reaction is to avoid passwords because it's another attack surface that can be broken open, but in this case just getting rid of it is strictly worse. With SSH, disabling password auth is turning the locked door into a solid brick wall. With this, NOPASSWORD is taking the door off the hinges because you are afraid of someone picking it. |
|
|