Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Root - NO KDE

Jonathan Byrne wrote:
> James Cluff ( wrote:
>>a new sudo user
> Sudo has a history of exploits of its own, though.  It's certainly
> no magic bullet.   Avoid it if you can.

I did not claim it was a magic bullet. I claimed that, used properly, it 
  is a better tool than su - for administration of a box so that you do 
not inadvertantly (or intentionally) have root shells hanging around.

And James is correct about the utility of sudo to provide non-root users 
the ability to do limited things as root, as necessary.

There are *no* magic bullets, Jonathon, but I disagree with you about 
avoiding sudo. Everything has a history of exploits. Should we stop 
using Apache because of last week's fiasco? Should we stop using 
Sendmail because of its less than optimal security history? (Yes! ;)

I would argue that instead, we should be trying to find new exploits and 
fixing them. I have read some of the sudo code, and it has survived the 
OpenBSOD (sorry, couldn't resist) audit. So, is sudo perfect now? No, 
but I trust it until shown otherwise. If an exploit hits, I will patch 
or disable sudo until I can patch.

So that is my opinion. I am curious as to what elicited such a strong 
statement from you? What do you not like about sudo, specifically?

Josh Glover <>

Associate Systems Administrator

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links