Date:      Fri, 22 Jul 2005 06:05:36 +0100
From:      markzero <mark@darklogik.org>
To:        asym <bsdlists@rfnj.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FW: Adding OpenBSD sudo to the FreeBSD base system?
Message-ID:  <20050722050536.GA27478@logik.ath.cx>
In-Reply-To: <6.2.1.2.2.20050722002806.03860150@mail.rfnj.org>
References:  <42e0044a.3317306b.5585.30fe@mx.gmail.com> <42E058BC.9070004@tog.net> <20050722030707.GA39218@logik.ath.cx> <6.2.1.2.2.20050722002806.03860150@mail.rfnj.org>

On Fri, Jul 22, 2005 at 12:28:41AM -0400, asym wrote:
> At 23:07 7/21/2005, markzero wrote:
> >On Thu, Jul 21, 2005 at 10:23:56PM -0400, ender wrote:
> >> Stephen Major wrote:
> >>
> >> If sudo offered the opportunity for more features, but by default
> >> behaved exactly the same way as su, I would see no disadvantages to
> >> replacing su with sudo. Am I missing something?
> >
> >What happens if you maintain systems that don't need sudo?
>
> You don't use the additional features.  That was a hard one.  Next?

Don't patronise me. This is supposed to be a mailing list discussing
security, not a childish pissing contest.

It is a valid concern when a tiny, well tested SUID binary is to be
replaced with one almost seven times its size:

$ wc -l /usr/src/usr.bin/su/su.c
     572 /usr/src/usr.bin/su/su.c

By comparison:

  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/sudo/

$ du -h `which sudo`
 98K    /usr/local/bin/sudo
$ du -h `which su`
 14K    /usr/bin/su

I am not opposed to having sudo in the base system, I am however opposed
to it replacing su. I use sudo on about a third of my systems, on those
that I don't, I would no longer have the option to remove it unless I
wanted a crippled, su-less system. If sudo does not replace su, those
that don't use it can remove it. Those that use it - good, less work for
them. Everybody is happy.

M

-- 
pgp: http://www.darklogik.org/pub/pgp/pgp.txt
B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F DEFF 9dD1
