From owner-freebsd-security Thu Mar 25 14:25: 9 1999 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (Postfix) with ESMTP id DCC581540B for ; Thu, 25 Mar 1999 14:25:07 -0800 (PST) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id OAA03520; Thu, 25 Mar 1999 14:24:40 -0800 (PST) (envelope-from dillon) Date: Thu, 25 Mar 1999 14:24:40 -0800 (PST) From: Matthew Dillon Message-Id: <199903252224.OAA03520@apollo.backplane.com> To: David Gilbert Cc: bmah@CA.Sandia.GOV (Bruce A. Mah), freebsd-security@FreeBSD.ORG Subject: Re: sudo (was Re: Kerberos vs SSH) References: <199903252032.MAA25377@stennis.ca.sandia.gov> <199903252044.MAA02527@apollo.backplane.com> <14074.44071.183931.902457@trooper.velocet.ca> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org : :>>>>> "Matthew" == Matthew Dillon writes: : :Matthew> Simple: Because the program is designed to poke holes :Matthew> through root and run specified programs. It's fairly easy to :Matthew> misconfigure it, and there is no guarentee that the programs :Matthew> it runs are themselves secure. sudo opens up a whole can of :Matthew> potential security problems. : :Well... in that respect, sudo is simply pointing out how stupid the :UN*X security model is once you get beyond one or two sysadmins :working on a group of machines. Security itself isn't easy to :configure. : :Dave. If these are sysadmins and they need access to critical root-only portions of the machine, you have to give it to them. No magical security model is going to make that problem go away. UNIX is being pragmatic about it. It's just plain silly to run things as root that don't need to be run as root. So don't! Then the only people who need root are the ones that need to be able to work on the guts of the machine. -Matt Matthew Dillon : :-- :============================================================================ :|David Gilbert, Velocet Communications. | Two things can only be | :|Mail: dgilbert@velocet.net | equal if and only if they | :|http://www.velocet.net/~dgilbert | are precisely opposite. | :=========================================================GLO================ : To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message