Mailing List Archive



Re: [tlug] Root - NO KDE



Jonathan Byrne wrote:
> James Cluff (jc@example.com) wrote:
> 
> 
>>a new sudo user
> 
> 
> Sudo has a history of exploits of its own, though.  It's certainly
> no magic bullet.   Avoid it if you can.

I did not claim it was a magic bullet. I claimed that, used properly, it
is a better tool than su - for administration of a box so that you do
not inadvertently (or intentionally) have root shells hanging around.

And James is correct about the utility of sudo to provide non-root users 
the ability to do limited things as root, as necessary.

There are *no* magic bullets, Jonathan, but I disagree with you about
avoiding sudo. Everything has a history of exploits. Should we stop 
using Apache because of last week's fiasco? Should we stop using 
Sendmail because of its less than optimal security history? (Yes! ;)

I would argue that instead, we should be trying to find new exploits and 
fixing them. I have read some of the sudo code, and it has survived the 
OpenBSOD (sorry, couldn't resist) audit. So, is sudo perfect now? No, 
but I trust it until shown otherwise. If an exploit hits, I will patch 
or disable sudo until I can patch.

So that is my opinion. I am curious as to what elicited such a strong 
statement from you? What do you not like about sudo, specifically?


-- 
Josh Glover <jmglov@example.com>

Associate Systems Administrator
INCOGEN, Inc.

