Date: Thu, 21 Jul 2005 13:35:41 -0400
From: asym
To: Stephen Major
Subject: Re: FW: Adding OpenBSD sudo to the FreeBSD base system?
Message-Id: <6.2.1.2.2.20050721133118.038f7ac8@mail.rfnj.org>
In-Reply-To: <42dfd7c8.619f0abe.46ed.ffffca84@mx.gmail.com>
List-Id: "Security issues [members-only posting]"

At 13:13 7/21/2005, Stephen Major wrote:
>You do not see a bunch of people asking to make apache part of the base
>system. Really there is no difference in what you are asking. Just another
>program that is not going to get used by everyone.

I'd take exception to this part.

sudo does everything su does, and more, the question seems to be why NOT replace it?

The (*)"60%" of people that su works fine for, could live with sudo with no real overhead and no dependencies. The other (*)"40%" of people that do replace su with sudo would have a small annoying bit of work negated.

(*) I find your numbers highly suspect. Probably more like 85-90% of people don't care / don't know about sudo etc. ;)

Making it part of the base system also negates part of the security issue associated with having it as a port -- we don't need to track every new whiz-bang version in the base like we do in ports, we just keep what works, apply security and bug fixes, and that's it.