Re: Simple little basic config questions
On Fri, 31 Oct 2003 at 00:14 GMT, Johannes Zarl penned:
>
> --Boundary-02=_nlao/nYI2HXprUI
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> Content-Description: signed data
> Content-Disposition: inline
>
>> >>=3D20 People keep talking about sudo like it's the cat's meow, and maybe
>> >>for a single-user system it is. But sudo documentation very
>> >>explicitly warns that, if you're not careful about what you allow, you
>> >>could accidentally allow access to far more than you expected.
>> >
>> >=3D2E..it seems like a good idea on a single-user machine to allow sudo
>> >dpkg -i... sudo dpkg -i make_bash_setuid_root.deb
>>
>> I'm a bit confused ... you snipped out the part where I said that it's
>> probably fine for a single-user machine, then added your own comment to
>> that effect, and instructions for installing it ...
>>
>> For the record, I have it installed. But I still think that espousing
>> sudo as a panacea, without encouraging people to read the documentation
>> and understand the potential pitfalls, is not the right thing to do.
>
> I think you got Colin wrong there (Colin please correct me if *I* got you=20
> wrong:) . Colin just gave an example how easy it is to exploit the=20
> sudo-privilege for using dpkg.
Ah, shoot, you're right. I totally glossed over the sudo example he
suggested. I blame work; it totally gets in the way of concentrating on
important stuff, like debian-user.
Sowwy!
Btw, does Colin = Pigeon? I'm confused on that count as well =P
--
monique
PLEASE don't CC me. Please. Pretty please with sugar on top.
Whatever it takes, just don't CC me! I'm already subscribed!!
Reply to: