Date: Thu, 25 Mar 1999 17:05:18 -0500 From: Garance A Drosihn <drosih@rpi.edu> To: Matthew Dillon <dillon@apollo.backplane.com>, bmah@CA.Sandia.GOV (Bruce A. Mah) Cc: freebsd-security@FreeBSD.ORG Subject: Re: sudo (was Re: Kerberos vs SSH) Message-ID: <v04011701b32060ab1ee4@[128.113.24.47]> In-Reply-To: <199903252044.MAA02527@apollo.backplane.com> References: <199903252032.MAA25377@stennis.ca.sandia.gov>
next in thread | previous in thread | raw e-mail | index | archive | help
>: I'd be curious to hear what you think sudo's shortcomings are, and >: why it merits being labeled as one of the stupidest programs you've >: ever seen? > > Simple: Because the program is designed to poke holes through > root and run specified programs. It's fairly easy to misconfigure > it, and there is no guarentee that the programs it runs are > themselves secure. sudo opens up a whole can of potential > security problems. When working with lots of sysadmin's and lots of machines, sudo is a very useful tool. At least, it (or programs like it) are better than other alternatives. It beats making executables setuid, for instance. It beats having lots of different people with the password to root, and the ability to run *anything* and do *anything* that they want. Just my 2 cents worth... --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v04011701b32060ab1ee4>