Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

sudo broken by design (was: Problems with packages on a netbsd-6 sparc)



At Fri, 18 May 2012 00:33:28 -0400 (EDT), Mouse 
<mouse%Rodents-Montreal.ORG@localhost> wrote:
Subject: Re: Problems with packages on a netbsd-6 sparc
> 
> Greg A. Woods wroge:
> >
> > or maybe sudo should just be thrown in the trash and left there
> > :-)
> 
> That's what I would do with it.  I once looked at setting up sudo for
> one of my paid jobs.  Here's the report I wrote for the person who
> asked me to set it up

Couple all that with the fact there have been at least 18 serious
security bugs in sudo itself (never mind with how naive people can
trivially configure it to be a barn without any doors).....

The very concept of it is extremely flawed IMNSHO.  It's a silly hack
created by someone who didn't properly understand the Unix security
model and since then it's been hacked on to add even more anti-security
features than one could ever imagine.

Of course even without it there are far too few people who fully
understand the true implications of just being allowed to run "su".

-- 
                                                Greg A. Woods
                                                Planix, Inc.

<woods%planix.com@localhost>       +1 250 762-7675        http://www.planix.com/

Attachment: pgpzNMhnCYAhD.pgp
Description: PGP signature



Home | Main Index | Thread Index | Old Index