On Mon, Sep 18, 2000 at 02:31:51PM -0700, Joey Hess (joeyh@debian.org) wrote:
> kmself@ix.netcom.com wrote:
> > I'll have to think a bit before I say it's really bad. I think it's not
> > a *good* idea
>
> It's a horrible idea.
>
> All someone has to do then is crack your user account, and they can
> trivially edit one of your dotfiles and the next time you su to root,
> they have cracked root as well.

Though there are other avenues to this as well.

Ethan and I have been going rounds on whether or not sudo is better than su. My contention is that sudo provides finer grained control, even when such things as "sudo bash" are allowed. However, in such a case, again, only user-level security need be compromised for an attacker to gain root.

--
Karsten M. Self <kmself@ix.netcom.com> http://www.netcom.com/~kmself
Evangelist, Opensales, Inc. http://www.opensales.org
What part of "Gestalt" don't you understand? Debian GNU/Linux rocks!
http://gestalt-system.sourceforge.net/ K5: http://www.kuro5hin.org
GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0