From owner-freebsd-security  Thu Mar 25 12:44:43 1999
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
	by hub.freebsd.org (Postfix) with ESMTP id E8E4415401
	for <freebsd-security@FreeBSD.ORG>; Thu, 25 Mar 1999 12:44:33 -0800 (PST)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id MAA02527;
	Thu, 25 Mar 1999 12:44:03 -0800 (PST)
	(envelope-from dillon)
Date: Thu, 25 Mar 1999 12:44:03 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199903252044.MAA02527@apollo.backplane.com>
To: bmah@CA.Sandia.GOV (Bruce A. Mah)
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: sudo (was Re: Kerberos vs SSH)
References:  <199903252032.MAA25377@stennis.ca.sandia.gov>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:
:>     We used sudo for a little while 3 years ago, but I decided that it was
:>     too big a security risk and wiped it.  sudo is one of the stupidest
:>     programs I've ever seen.
:
:I'd be curious to hear what you think sudo's shortcomings are, and why it 
:merits being labeled as one of the stupidest programs you've ever seen?
:
:Bruce.

    Simple:  Because the program is designed to poke holes through root and
    run specified programs.  It's fairly easy to misconfigure it, and there is
    no guarentee that the programs it runs are themselves secure.  sudo opens 
    up a whole can of potential security problems.

						-Matt



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message