From owner-freebsd-security  Tue Jul  9 22:42:46 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id WAA10586
          for security-outgoing; Tue, 9 Jul 1996 22:42:46 -0700 (PDT)
Received: from kdat.calpoly.edu (kdat.csc.calpoly.edu [129.65.54.101])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id WAA10581
          for <freebsd-security@freebsd.org>; Tue, 9 Jul 1996 22:42:44 -0700 (PDT)
Received: (from nlawson@localhost) by kdat.calpoly.edu (8.6.12/N8) id WAA06366; Tue, 9 Jul 1996 22:42:42 -0700
From: Nathan Lawson <nlawson@kdat.csc.calpoly.edu>
Message-Id: <199607100542.WAA06366@kdat.calpoly.edu>
Subject: Re: sudo
To: taob@io.org (Brian Tao)
Date: Tue, 9 Jul 1996 22:42:41 -0700 (PDT)
Cc: freebsd-security@freebsd.org
In-Reply-To: <Pine.NEB.3.92.960709200721.18177A-100000@zap.io.org> from "Brian Tao" at Jul 9, 96 08:08:28 pm
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>     What are people's feelings towards the "sudo" utility?  Is it
> really all that usefull, or does it just open up a lot of potential
> avenues of attack and abuse?  Some of our co-located customers want to
> have it installed so they can do some root-privileged stuff, instead
> of getting us to do it all the time (even though that's what they pay
> us to do).

Sudo is useful for a lot of situations, but remember it is equivalent to
giving said user a uid of zero.  There is no way to keep a user with sudo
access from getting root.  As long as you remember that, you're ok.

Second, something you said bothers me.  They want to do root stuff even though
you are paid to do that.  Be very careful here with responsibility.  What
happens when they call you up complaining that no one but root can run commands?
How long will it take you to find that the customer accidentally did a
chmod 700 /? (actual case).  What if it's something more subtle?  Are you and
they willing to accept the fact that it might take you extra time and/or money
to clean up after them? 

Lastly, be careful what version of sudo you get.  The version distributed a
while back (and included in a popular sysadmin book!) used popen() to send mail
when a user wasn't in the sudoers file.  Hey, then you can put yourself in the
sudoers file..  a feature!

-- 
Nate Lawson                  "There are a thousand hacking at the branches of
CPE Senior                    evil to one who is striking at the root."
CSL Admin                              -- Henry David Thoreau, 'Walden', 1854