Subject: Re: [email@example.com: [Global InterSec 2002041701] Sudo Password Prompt Vulnerability.]
To: None <firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 04/25/2002 18:06:50

[ On Thursday, April 25, 2002 at 11:26:04 (-0400), Thor Lancelot Simon wrote: ]
> Subject: Re: [firstname.lastname@example.org: [Global InterSec 2002041701] Sudo Password Prompt Vulnerability.]
> On Thu, Apr 25, 2002 at 11:05:29AM -0400, Jan Schaumann wrote:
> > Attached find a patch to include into pkgsrc/security/sudo/patches to
> > fix this problem.
> Shame it doesn't fix the fundamental problem with sudo: it is almost
> impossible to actually set it up so that the access of a sudoer is
> truly restricted. I've almost never walked up to a system with sudo
> installed and spent more than ten minutes looking around before finding
> a way to use sudo to gain unrestricted root access. Heck, many places,
> the most common thing sudo is used for is to run /bin/sh! ;-)

That's true of absolutely every system where I've seen it installed.

> A lot of people don't want sudo; they want su -c and don't know that
> it exists. But with sudo, they get to be deceived into thinking that
> they have somehow increased the security of their systems... not good.

And sudo users are too lazy for their own good.....

Sudo is a security bug waiting for an exploit.

Greg A. Woods
+1 416 218-0098; <email@example.com>; <firstname.lastname@example.org>; <email@example.com>
Planix, Inc. <firstname.lastname@example.org>; VE3TCP; Secrets of the Weird <email@example.com>