From owner-freebsd-security@FreeBSD.ORG Thu Jul 21 20:19:06 2005
Date: Thu, 21 Jul 2005 16:19:55 -0400
To: Kurt Seifried
From: asym
Subject: Re: Adding OpenBSD sudo to the FreeBSD base system?
X-BeenThere: freebsd-security@freebsd.org

At 16:09 7/21/2005, Kurt Seifried wrote:
>Uhh you people realize sudo is COMPLEMENTARY to su? All my Linux and
>OpenBSD systems (wait for it.....) have _both_ installed by default. Crazy
>huh? Some example commands:
>
>sudo ifconfig blah [enters own password]
>sudo su - [enters own password]
>sudo sendmail -q [enters own password]
>su - [enters root password]
>
>Whoa! what's #2? And what's #4? Holy cow!

For me, #2 and #4 are replaced by "sudo -u root sh" or some other shell, totally obviating the need to have su at all. I realize some people use it in shell scripts and so on, which I will refrain from commenting on, which would make a sudo "su" mode a requirement to have it *replace* su, much like the various "vi" invocation implementations.

I see absolutely no reason why sudo should not be in the base system. Not one. I see almost as little need to make it behave as "su" when called as "su", but I can at least see the reasoning behind it, and I also understand that doing so would not be difficult.

>Folks, this is by far the stupidest argument/discussion I have ever seen
>on a security related mailing list (and I've been on BugTraq and
>Full-Disclosure for a long time so that's saying something).

If "myth-busting" as I've done with Stephen is "stupid" well, go ahead and tattoo it on my forehead. I'm from a place where education is the cure for stupidity, not the incarnation of it.