From owner-freebsd-questions@FreeBSD.ORG Wed Jan 21 10:33:34 2009 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B78C61065672 for ; Wed, 21 Jan 2009 10:33:34 +0000 (UTC) (envelope-from ben@b1c1l1.com) Received: from lancer.b1c1l1.com (lancer.b1c1l1.com [72.13.86.100]) by mx1.freebsd.org (Postfix) with ESMTP id 9F0F98FC1E for ; Wed, 21 Jan 2009 10:33:34 +0000 (UTC) (envelope-from ben@b1c1l1.com) Received: from supra.b1c1l1.com (c-76-102-159-187.hsd1.ca.comcast.net [76.102.159.187]) by lancer.b1c1l1.com (Postfix) with ESMTPSA id 3770B5C2C; Wed, 21 Jan 2009 02:17:31 -0800 (PST) Message-ID: <4976F631.7020602@b1c1l1.com> Date: Wed, 21 Jan 2009 02:17:21 -0800 From: Benjamin Lee User-Agent: Thunderbird 2.0.0.19 (X11/20090103) MIME-Version: 1.0 To: Tim Judd References: <49762F6C.8040404@comcast.net> <20090120222942.GB26526@lava.net> <4976A344.3090106@gmail.com> In-Reply-To: <4976A344.3090106@gmail.com> X-Enigmail-Version: 0.95.7 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig853FD96CB958B05689104F0F" Cc: questions@freebsd.org, Akenner , Clifton Royston Subject: Re: Edit user groups X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2009 10:33:35 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig853FD96CB958B05689104F0F Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 01/20/2009 08:23 PM, Tim Judd wrote: [...] > and I recommend against sudo because it's very design is a > man-in-the-middle type of scenario, and one typo by the sudo devs can > possibly make a mess out of things. >=20 > I think sudo makes a lazy admin -- too easy to just run in and hit > something. >=20 > I think sudo is a false sense of security. If a user trusts another, > and give sudo access, why not give the whole OS to them? >=20 > Sudo's out there -- don't get me wrong, but you won't catch me dead wit= h > a box with sudo installed. I think it's a very misleading tool. And > not to say they do -- but what if the devs put in a keygen...do you > monitor the sudo source code? >=20 > And if I remember correctly -- the way sudo gets it's work done is a > SUID bit to root. Those are the devil's eggs that hatch and just cause= > havoc. A rogue CGI calling sudo to do something on the website, buffer= > overflow (with php!) and you've gotten rooted. >=20 > No, no -- I hate sudo for it's own doing. It's going to eat itself ali= ve. >=20 > No flames please. Have you read through the entire src tree? And the source of every software package you've ever installed? If so, it would be a drop in the bucket to read through sudo as well. I see that you sent your e-mail from a Windows box... P.S. There is a difference between a keygen and a keylogger. --=20 Benjamin Lee http://www.b1c1l1.com/ --------------enig853FD96CB958B05689104F0F Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIcBAEBAgAGBQJJdvY3AAoJEN/n9makEYThimMQAL0xf0GZu2s70JiZWljVjZ+2 m+AgZfe+MU/MdY/ki2gpnWi7eLQ+nULt5gQuYeI1z4cL6CnpzAK4rxuB18pVh7Yp cDbgHxhfqcFvv7ES/buuZyFo5JwWPyyTwWS1Ozwbp0T1567s1tjGXqtj+C9omc1b vxYrAGM9ydDuT5Mwk/HGdFlBmOfCCxo1drpnZfY4h2zagt6gZ8JbHAyMB/MPvCCp epiZpnPyfcW/FCZWSwesDvTFg8LWdq9sQvgFhjnARdHDT9ELx6moy7e8Io0tNSw4 mevJHtzvx2fHhdxFH7wTyAERh1+Apl/NEhwqPJrxQdqltA1jawhLKXNbapG5lUko EgXpRU8qXmRvgLzHzDY1pqwUruqMo/GZ1YCesN7/in+94ewtBLVT0C9oj6hLUoXY ZnfQaFcLgICaqGAnmmQ9KcQzFqKs1/g0TDCpqo+7YL4uRN+RN4YXEHjzoMEVlIIo EWi38DLwKIFAEm1U8aBXDeoHwyMI4u7mlkrMcWLykpwHxcwJ6d8pCjb0m2Y/rK/K fn4Rbzq94bCgww2ZkhEi2JAO4eblyHBmvs+qd7WaUJAJbs5IRxRkbK3bJ2ZKAxhR idGNZ5bjQXnos1IakXfyhZJFxEcRS3PzHGbm/3aPYvKkuPUbG+LNxW7yl/Zfm9FH icBS2dpqbuHwZAU+L+AO =/vOE -----END PGP SIGNATURE----- --------------enig853FD96CB958B05689104F0F--