From owner-freebsd-security Tue Jul 9 19:35:39 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id TAA28234 for security-outgoing; Tue, 9 Jul 1996 19:35:39 -0700 (PDT) Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id TAA28222 for ; Tue, 9 Jul 1996 19:35:33 -0700 (PDT) Received: by agora.rdrop.com (Smail3.1.29.1 #17) id m0udp7X-0008s7C; Tue, 9 Jul 96 19:35 PDT Message-Id: From: batie@agora.rdrop.com (Alan Batie) Subject: Re: sudo To: phowlett@ASG.unb.ca (Peter Howlett) Date: Tue, 9 Jul 1996 19:35:18 -0700 (PDT) Cc: taob@io.org, freebsd-security@freebsd.org In-Reply-To: from "Peter Howlett" at Jul 9, 96 10:11:54 pm X-Mailer: ELM [version 2.4 PL24 ME8a] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > We use sudo here at the office. It can be useful, but you do have > to be _very_ careful with it. To expand a little on my earlier terse comment :-) I only allow access to it for people I trust as root users; one is allowed to run a script that creates a particular class of users, and I think it's secure, but even so it's someone I trust. The thing I don't trust is my ability to be certain that a program doesn't have back doors in it. The reason I call it indispensable is because I use it all the time. I get dozens of 5-second root-only requests/interrupts/things-that-need-done a day, and the other option is having a root window open all the time, and even that's not as convenient. -- Alan Batie ______ We're Starfleet officers: batie@agora.rdrop.com \ / Weird is part of the job. +1 503 452-0960 \ / --Captain Janeway DE 3C 29 17 C0 49 7A 27 \/ 40 A5 3C 37 4A DA 52 B9 It is my policy to avoid purchase of any products from companies which use unrequested email advertisements or telephone solicitation.