Date: Thu, 25 Mar 1999 12:56:06 -0800
From: bmah@CA.Sandia.GOV (Bruce A. Mah)
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: bmah@california.sandia.gov (Bruce A. Mah), freebsd-security@FreeBSD.ORG
Subject: Re: sudo (was Re: Kerberos vs SSH)
Message-ID: <199903252056.MAA25581@stennis.ca.sandia.gov>
In-Reply-To: Your message of "Thu, 25 Mar 1999 12:44:03 PST." <199903252044.MAA02527@apollo.backplane.com>

If memory serves me right, Matthew Dillon wrote:
> :
> :> We used sudo for a little while 3 years ago, but I decided that it was
> :> too big a security risk and wiped it.  sudo is one of the stupidest
> :> programs I've ever seen.
> :
> :I'd be curious to hear what you think sudo's shortcomings are, and why it
> :merits being labeled as one of the stupidest programs you've ever seen?
> :
> :Bruce.
>
>     Simple:  Because the program is designed to poke holes through
>     root and run specified programs.  It's fairly easy to
>     misconfigure it, and there is no guarantee that the programs
>     it runs are themselves secure.  sudo opens up a whole can of
>     potential security problems.

I prefer sudo to su if for no other reason than it eliminates the need
for me to remember a bunch of root passwords for machines.  I don't use
the features that restrict what commands can be run, so I couldn't
comment on those.  Having command logging is nice also, but for me it's
less to keep track of the Bad Guys than as a record of things I've done
as root.

For me it fits the bill nicely, although your points are well taken.

Bruce.