Subject: Re: [lists@globalintersec.com: [Global InterSec 2002041701] Sudo Password Prompt Vulnerability.]
To: None <tech-security@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-security
Date: 04/25/2002 22:07:37
[ On Thursday, April 25, 2002 at 21:21:57 (-0400), Jan Schaumann wrote: ]
> Subject: Re: [lists@globalintersec.com: [Global InterSec 2002041701] Sudo Password Prompt Vulnerability.]
>
> Anyway, I think the main reason sudo is popular is that it prevents
> people from running around as root.  Sure, many of you guys may be
> responsible and always check all your commands you type (or never
> mistype), but sudo to me mainly helps you not do stupid mistakes (that
> do invariably happen).

If the sudo users also have the real root password and they only use
sudo as an extra layer of protection against their own mistakes then
that's perhaps a valid use of sudo.

> Example:  Printer-debugging:

Why do printers have to be administered by root?!?!?!

> Another situation I've found sudo rather helpful is when you have users
> that you want to be able to execute a few select commands that require
> root-privileges, but don't want to create/change groups and
> group-permissions or setuid and setgid programs, but at the same time
> you wouldn't trust that user with full root access.

That's what I mean by lazy.

You'd better be very careful to not only audit their sudo activities,
but also audit all activities done by anyone as root to make sure they
are not overstepping the trust you've granted them.

> Some people argue that with sudo you have a better audit-trail of what's
> going on, as all the commands are syslog'd, but I think that would only
> apply in an environment where several people manage a large number of
> machines and use sudo exclusively.

It does, but you can't trust that audit trail at all.

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods@acm.org>;  <g.a.woods@ieee.org>;  <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>