Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 21 Jan 2009 02:17:21 -0800
From:      Benjamin Lee <ben@b1c1l1.com>
To:        Tim Judd <tajudd@gmail.com>
Cc:        questions@freebsd.org, Akenner <SlackWareWolf@comcast.net>, Clifton Royston <cliftonr@lava.net>
Subject:   Re: Edit user groups
Message-ID:  <4976F631.7020602@b1c1l1.com>
In-Reply-To: <4976A344.3090106@gmail.com>
References:  <49762F6C.8040404@comcast.net> <20090120222942.GB26526@lava.net> <4976A344.3090106@gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig853FD96CB958B05689104F0F
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 01/20/2009 08:23 PM, Tim Judd wrote:
[...]
> and I recommend against sudo because it's very design is a
> man-in-the-middle type of scenario, and one typo by the sudo devs can
> possibly make a mess out of things.
>=20
> I think sudo makes a lazy admin -- too easy to just run in and hit
> something.
>=20
> I think sudo is a false sense of security.  If a user trusts another,
> and give sudo access, why not give the whole OS to them?
>=20
> Sudo's out there -- don't get me wrong, but you won't catch me dead wit=
h
> a box with sudo installed.  I think it's a very misleading tool.  And
> not to say they do -- but what if the devs put in a keygen...do you
> monitor the sudo source code?
>=20
> And if I remember correctly -- the way sudo gets it's work done is a
> SUID bit to root.  Those are the devil's eggs that hatch and just cause=

> havoc.  A rogue CGI calling sudo to do something on the website, buffer=

> overflow (with php!) and you've gotten rooted.
>=20
> No, no -- I hate sudo for it's own doing.  It's going to eat itself ali=
ve.
>=20
> </rant>  No flames please.

Have you read through the entire src tree?  And the source of every
software package you've ever installed?  If so, it would be a drop in
the bucket to read through sudo as well.

I see that you sent your e-mail from a Windows box...

P.S. There is a difference between a keygen and a keylogger.


--=20
Benjamin Lee
http://www.b1c1l1.com/


--------------enig853FD96CB958B05689104F0F
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJJdvY3AAoJEN/n9makEYThimMQAL0xf0GZu2s70JiZWljVjZ+2
m+AgZfe+MU/MdY/ki2gpnWi7eLQ+nULt5gQuYeI1z4cL6CnpzAK4rxuB18pVh7Yp
cDbgHxhfqcFvv7ES/buuZyFo5JwWPyyTwWS1Ozwbp0T1567s1tjGXqtj+C9omc1b
vxYrAGM9ydDuT5Mwk/HGdFlBmOfCCxo1drpnZfY4h2zagt6gZ8JbHAyMB/MPvCCp
epiZpnPyfcW/FCZWSwesDvTFg8LWdq9sQvgFhjnARdHDT9ELx6moy7e8Io0tNSw4
mevJHtzvx2fHhdxFH7wTyAERh1+Apl/NEhwqPJrxQdqltA1jawhLKXNbapG5lUko
EgXpRU8qXmRvgLzHzDY1pqwUruqMo/GZ1YCesN7/in+94ewtBLVT0C9oj6hLUoXY
ZnfQaFcLgICaqGAnmmQ9KcQzFqKs1/g0TDCpqo+7YL4uRN+RN4YXEHjzoMEVlIIo
EWi38DLwKIFAEm1U8aBXDeoHwyMI4u7mlkrMcWLykpwHxcwJ6d8pCjb0m2Y/rK/K
fn4Rbzq94bCgww2ZkhEi2JAO4eblyHBmvs+qd7WaUJAJbs5IRxRkbK3bJ2ZKAxhR
idGNZ5bjQXnos1IakXfyhZJFxEcRS3PzHGbm/3aPYvKkuPUbG+LNxW7yl/Zfm9FH
icBS2dpqbuHwZAU+L+AO
=/vOE
-----END PGP SIGNATURE-----

--------------enig853FD96CB958B05689104F0F--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?4976F631.7020602>