[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sudo was[Re: Emacs from Xterm]



>>>>> "Bob" == Bob Proulx <bob@proulx.com> writes:

 >> *but*, people often overestimate the safety provided by sudo.
 >> many
 Bob> [...lots of valid reasons deleted...]

 Bob> But that as well is not an argument against sudo.

 Bob> To continue that line of reasoning it is unsafe to connect a
 Bob> computer to a network.  Root vulnerability exploits have existed

not at all.  connecting a computer to a global network has *known*
risks (in the abstract, at least, even if the exact exploits are not
known), which the administrator can evaluate and make a decision as to
whether or not the potential costs outweight the benefits.

sudo offers moderately experienced user/admins what appears to be a
convenient way of extending the traditional UNIX authorization
system.  authorization to use certain restricted sets of command can
be extended to users not normally so authorized.

the difference is that while most people know about (and accept) the
risks of connecting a computer to a network, many users of sudo do
*not* know about the risks associated with its use.  and yes, I have
seen even very experienced admins get fooled by sudo into granting
more than they realized.

note that none of this means that people shouldn't use sudo.  it just
means that if they care about security, they should think hard about
how it's configured.

-- 

joe


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org



Reply to: