Subject: That sudo that you do so well...
To: None <>
From: Ed Ravin <>
List: tech-security
Date: 04/26/2002 13:25:40
Thor Lancelot Simon writes:

> On Thu, Apr 25, 2002 at 09:21:57PM -0400, Jan Schaumann wrote:
> > A few weeks ago, there was a somewhat lengthy but informative thread on
> > sage-members regarding su/sudo practices.  I've not yet determined how
> > to access the ML's archive (if it exists), otherwise I could probably
> > give you better examples.

If you are a Usenix member, you can read it at:

> Sudo is both extraneous and dangerous.  When I find that I'm running
> a system that relies on sudo in some way, one of the first things I do is
> remove it.  And I've got to say that after about 15 years running Unix
> systems, I am never particularly impressed with advice or discussion
> from the SAGE types; that they'd advocate using sudo does little to change
> that perception on my part.

Not all of the "SAGE types" advocate sudo - there have been a handful
of papers presented at LISA for what look like vast improvements on the
idea.  One promising project is SUS, which according to the abstract is:

   [...] a system administration tool which allows a user to run
   a command as root or as some other user after authenticating.
   Unlike most other commands of that ilk, SUS attempts to treat
   the command and its arguments as references to system objects,
   and allows for relatively powerful matching on the attributes
   of those objects to determine if the user should or should not
   be allowed to execute the desired command. In addition, SUS has
   a mode to help limit the number of setuid utilities needed to
   provide user services via the web.

On example shown in the paper is that you can allow an unprivileged
user to run chmod as root, but only to change the permissions of files
in a particular directory tree.

The paper is at:
[Usenix membership required]

And you can download it (or read the man pages) at:

Another promising project was presented at LISA '96, called "priv":

	-- Ed