Date: Wed, 21 Jan 2009 02:17:21 -0800 From: Benjamin Lee <ben@b1c1l1.com> To: Tim Judd <tajudd@gmail.com> Cc: questions@freebsd.org, Akenner <SlackWareWolf@comcast.net>, Clifton Royston <cliftonr@lava.net> Subject: Re: Edit user groups Message-ID: <4976F631.7020602@b1c1l1.com> In-Reply-To: <4976A344.3090106@gmail.com> References: <49762F6C.8040404@comcast.net> <20090120222942.GB26526@lava.net> <4976A344.3090106@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig853FD96CB958B05689104F0F Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 01/20/2009 08:23 PM, Tim Judd wrote: [...] > and I recommend against sudo because it's very design is a > man-in-the-middle type of scenario, and one typo by the sudo devs can > possibly make a mess out of things. >=20 > I think sudo makes a lazy admin -- too easy to just run in and hit > something. >=20 > I think sudo is a false sense of security. If a user trusts another, > and give sudo access, why not give the whole OS to them? >=20 > Sudo's out there -- don't get me wrong, but you won't catch me dead wit= h > a box with sudo installed. I think it's a very misleading tool. And > not to say they do -- but what if the devs put in a keygen...do you > monitor the sudo source code? >=20 > And if I remember correctly -- the way sudo gets it's work done is a > SUID bit to root. Those are the devil's eggs that hatch and just cause= > havoc. A rogue CGI calling sudo to do something on the website, buffer= > overflow (with php!) and you've gotten rooted. >=20 > No, no -- I hate sudo for it's own doing. It's going to eat itself ali= ve. >=20 > </rant> No flames please. Have you read through the entire src tree? And the source of every software package you've ever installed? If so, it would be a drop in the bucket to read through sudo as well. I see that you sent your e-mail from a Windows box... P.S. There is a difference between a keygen and a keylogger. --=20 Benjamin Lee http://www.b1c1l1.com/ --------------enig853FD96CB958B05689104F0F Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIcBAEBAgAGBQJJdvY3AAoJEN/n9makEYThimMQAL0xf0GZu2s70JiZWljVjZ+2 m+AgZfe+MU/MdY/ki2gpnWi7eLQ+nULt5gQuYeI1z4cL6CnpzAK4rxuB18pVh7Yp cDbgHxhfqcFvv7ES/buuZyFo5JwWPyyTwWS1Ozwbp0T1567s1tjGXqtj+C9omc1b vxYrAGM9ydDuT5Mwk/HGdFlBmOfCCxo1drpnZfY4h2zagt6gZ8JbHAyMB/MPvCCp epiZpnPyfcW/FCZWSwesDvTFg8LWdq9sQvgFhjnARdHDT9ELx6moy7e8Io0tNSw4 mevJHtzvx2fHhdxFH7wTyAERh1+Apl/NEhwqPJrxQdqltA1jawhLKXNbapG5lUko EgXpRU8qXmRvgLzHzDY1pqwUruqMo/GZ1YCesN7/in+94ewtBLVT0C9oj6hLUoXY ZnfQaFcLgICaqGAnmmQ9KcQzFqKs1/g0TDCpqo+7YL4uRN+RN4YXEHjzoMEVlIIo EWi38DLwKIFAEm1U8aBXDeoHwyMI4u7mlkrMcWLykpwHxcwJ6d8pCjb0m2Y/rK/K fn4Rbzq94bCgww2ZkhEi2JAO4eblyHBmvs+qd7WaUJAJbs5IRxRkbK3bJ2ZKAxhR idGNZ5bjQXnos1IakXfyhZJFxEcRS3PzHGbm/3aPYvKkuPUbG+LNxW7yl/Zfm9FH icBS2dpqbuHwZAU+L+AO =/vOE -----END PGP SIGNATURE----- --------------enig853FD96CB958B05689104F0F--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4976F631.7020602>