From: "Poul-Henning Kamp"
Sender: phk@phk.freebsd.dk
To: Stephen Major
Cc: freebsd-security@freebsd.org
Subject: Re: FW: Adding OpenBSD sudo to the FreeBSD base system?
In-Reply-To: Your message of "Thu, 21 Jul 2005 10:13:41 PDT." <42dfd7c8.619f0abe.46ed.ffffca84@mx.gmail.com>
Date: Thu, 21 Jul 2005 21:05:49 +0200
Message-ID: <13950.1121972749@phk.freebsd.dk>

In message <42dfd7c8.619f0abe.46ed.ffffca84@mx.gmail.com>, Stephen Major writes:

>I really do not agree with adding it to the base system.

If sudo imported into the system doesn't do any more damage than the filesystem space consumed, then I really cannot see any harm being done.

If it were configured to DTRT (probably check membership of the wheel group?) I still can't see the problem.

If sudo forces everybody to edit a config file, then there is a problem, but I seriously doubt that is the case.

There are a lot of wise people who say that UNIX has stagnated for 20 of the thirty years it has existed, and sometimes I'm starting to see things from that side.

One thing that increasingly irritates me is that in UNIX it takes 60 lines to open a TCP connection because nobody could agree to adding a "nopen()" function to libc which would encapsulate those 60 lines of code.

I see the same "spirit" at work here: "Dennis and Ken didn't approve of sudo, it is not documented in any POSIX_MISTAKE, and I never got around to get used to use it, so of course we cannot let it into FreeBSD!"

Minimalism is good, but taking it too far is suicidal.

Commit it!

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.