Date: Thu, 25 Mar 1999 16:35:35 -0500 (EST) From: David Gilbert <dgilbert@velocet.ca> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: bmah@CA.Sandia.GOV (Bruce A. Mah), freebsd-security@FreeBSD.ORG Subject: Re: sudo (was Re: Kerberos vs SSH) Message-ID: <14074.44071.183931.902457@trooper.velocet.ca> In-Reply-To: <199903252044.MAA02527@apollo.backplane.com> References: <199903252032.MAA25377@stennis.ca.sandia.gov> <199903252044.MAA02527@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "Matthew" == Matthew Dillon <dillon@apollo.backplane.com> writes: Matthew> Simple: Because the program is designed to poke holes Matthew> through root and run specified programs. It's fairly easy to Matthew> misconfigure it, and there is no guarentee that the programs Matthew> it runs are themselves secure. sudo opens up a whole can of Matthew> potential security problems. Well... in that respect, sudo is simply pointing out how stupid the UN*X security model is once you get beyond one or two sysadmins working on a group of machines. Security itself isn't easy to configure. Dave. -- ============================================================================ |David Gilbert, Velocet Communications. | Two things can only be | |Mail: dgilbert@velocet.net | equal if and only if they | |http://www.velocet.net/~dgilbert | are precisely opposite. | =========================================================GLO================ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14074.44071.183931.902457>