Subject: Re: [email@example.com: [Global InterSec 2002041701] Sudo
To: Jeremy C. Reed <firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 04/25/2002 21:29:43
[ On Thursday, April 25, 2002 at 17:46:31 (-0700), Jeremy C. Reed wrote: ]
> Subject: Re: [firstname.lastname@example.org: [Global InterSec 2002041701] Sudo Password Prompt Vulnerability.]
> What are some safer and easier alternatives for this?
A proper dedicated set-ID program that can't be mis-configured so
easily would be an almost infinitely better alternative than sudo.
Perhaps it wouldn't even have to be set-ID-root if what it does can be
delegated to a special user.
Greg A. Woods
+1 416 218-0098; <email@example.com>; <firstname.lastname@example.org>; <email@example.com>
Planix, Inc. <firstname.lastname@example.org>; VE3TCP; Secrets of the Weird <email@example.com>