
Re: Reporting missing package during install



On Mon, Dec 9, 2013 at 9:56 AM, Gian Uberto Lauri <saint@eng.it> wrote:
> Andrei POPESCU writes:
>> On Lu, 09 dec 13, 09:09:11, Gian Uberto Lauri wrote:


>>> What are the benefits of the "Macintosh/Ubuntu" use of sudo? Improved
>>> security? Are you kidding? Whatever the user I compromise I have root
>>> access, just type "sudo bash".
>>
>> sudo doesn't make this worse, just slightly easier. Compromising any
>> user account used for getting root is equivalent to getting root on the
>> system.
>
> sudo makes it a bit worse. Any user account opens the door to the root
> account. Therefore you have to guard a larger perimeter.

You're assuming that everyone has "ALL" as the executable that can be
run via sudo and that sudo is only used to act as root.


>> 2. it's still better than having to require a password every time the
>> user runs 'sudo <command>', because the net effect would be that most
>> would disable the password completely or just leave a 'sudo -i' session
>> active for ever (and not lock their screen, etc.)
>
> Teach them to use a root session that must be handled with extreme
> care.
>
> I have to do X commands as root? I su root, do the X command and close
> the session.
>
> With the off-the-shelf configuration, the simplest thing to do is sudo
> bash.

You're assuming that everyone has "ALL" as the executable that can be
run via sudo. By default on a Debian system, only the members of the
"sudo" group have unrestricted access to root via sudo.
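
The distinction drawn above between an "ALL" grant and a restricted one can be checked mechanically. The following is an added example, not part of the original message: a small auditor that lists which accounts actually hold unrestricted root through sudo. The `backup` and `deploy` rules and the group membership are constructed sample data, and the parser is an assumption-laden simplification that handles only single-line user rules (no aliases, includes or line continuations).

```python
import re

# Constructed sample: the two Debian default rules plus two hypothetical restricted ones.
SUDOERS = """\
# User privilege specification
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
deploy  ALL=(www-data) /usr/bin/systemctl restart app
"""
# Constructed group membership, as it would be read from /etc/group.
GROUPS = {"sudo": {"alice"}, "users": {"alice", "bob", "backup", "deploy"}}

# who  host = (runas) commands   -- the runas part is optional
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\(([^)]*)\))?\s*(.*)$")

def parse(text):
    """Yield (who, runas_users, commands) for simple single-line rules."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@", "Defaults")):
            continue
        if line.split()[0].endswith("_Alias"):
            continue  # aliases are out of scope for this simplified parser
        m = RULE.match(line)
        if not m:
            continue
        who, runas, cmds = m.groups()
        # With no (runas) part, sudo runs the command as root.
        users = (runas if runas is not None else "root").split(":")[0]
        runas_users = {u.strip() for u in users.split(",") if u.strip()}
        # Drop tags such as NOPASSWD: before splitting the command list.
        cmds = re.sub(r"\b[A-Z_]+:\s*", "", cmds)
        yield who, runas_users, [c.strip() for c in cmds.split(",")]

def unrestricted_root(text, groups):
    """Return the accounts that may run any command as root."""
    found = set()
    for who, runas_users, cmds in parse(text):
        if "ALL" in cmds and runas_users & {"ALL", "root"}:
            if who.startswith("%"):
                found |= groups.get(who[1:], set())  # expand group members
            else:
                found.add(who)
    return found

if __name__ == "__main__":
    print(sorted(unrestricted_root(SUDOERS, GROUPS)))
```

With this sample, `bob`, `backup` and `deploy` all have accounts on the system, but only `root` and the `sudo` group member `alice` are reported.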

