[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Exim permissions

On Mon, Dec 02, 2002 at 06:31:56AM +0000, Pigeon wrote:
> On Sun, Dec 01, 2002 at 09:49:52PM +0000, Clive Standbridge wrote:
> > I have not heard that sudo is inherently insecure in any specific way
> > (but I'm not a long time sudo user).
> I think it's a complexity issue. The sudo binary is about ten times
> the size of that of my one-line C program, and has far, far greater
> complexity, as well as allowing the user to, in principle, run _any_
> command as root. So it must offer many more points of attack. If I was
> to start writing more complex setuid-root programs to do a greater
> variety of things than just run one very specific command, it wouldn't
> take very long before the situation reversed.

The complexity issue is balanced by the fact that lots and lots of
people have looked at the source of sudo, and actively found holes in
it.  The point at which this becomes advantageous will vary depending on
circumstance, of course.


Attachment: pgpmYFnmKufrs.pgp
Description: PGP signature

Reply to: