
Re: sudo security Was: Reporting missing package during install



Ralf Mardorf writes:
 > bad luck, but not for me. If somebody would
 > break my Linux, I would restore it from a backup.

I would not stay on this "not my problem" stance[*], and I would not
trust backups as an absolute safety.

 > I don't understand why sudo should be less safe.

Because its standard configuration "abuses" the tool a bit and leaves
a potential door open.

 > I still do not understand what exactly is more secure by using su, than
 > when having both su and sudo or only sudo.

My opinion is "su to switch user for administrative tasks", sudo for
those special cases where power is leased for certain tasks to certain
people (having at least a better man page would not hurt in this).

Debian is a distribution with a strong social commitment, a great
package management and the stable distribution is rock solid.

 > For servers with many users there are for sure books written how to make
 > them most secure possible. For my PC and many other home PCs there is
 > zero need for much security.

Nope. Those PCs w/o security may become part of a swarm used for...
whatever. Maybe silencing your favourite campaign.

 > AFAIK for the multi-user-system the biggest issues are USB ports and
 > optical drives. As long as users can chroot using a live CD there's no
 > need to care about su or sudo anyway.

Physical security is indeed an issue. When attackers can put their
greedy hands on a computer there is nothing to stop them :)

 > Perhaps somebody with real server experiences for real
 > multi-user-systems could enlighten us, if sudo does cause any issue and
 > why Debian anyway decided to make it a default.

I had some in the past, even in the not so far past. Even if I am a
senior developer, the Italian part of my signature says "Software
farmer and sysadmin in others' wasted time [**]".

And unguarded machines are a real boon for "wrongdoers".

-- 
 /\           ___                                    Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_____               African word
  //--\| | \|  |   Integralista GNUslamico            meaning "I can
\/                 coltivatore diretto di software       not install
     già sistemista a tempo (altrui) perso...                Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO

[*] http://www.thehypertexts.com/Famous%20Holocaust%20Poems.htm

[**] "a tempo perso" means "in his/her spare time" and "a tempo
(altrui) perso" is a terrible joke pointing to wasting others' time.

