On Wed, Jan 10, 2007 at 12:42:22AM -0500, cga2000 wrote: > > > > > > However, in a situation with multiple admins it is nice to have the > > logging of sudo so that you know who did what/when. > > yes .. see above. > > otherwise it sounds like unnecessary overhead .. making things a bit more > complicated .. and therefore a little less secure. > Except that sudo is a well tested standard piece of practically every Linux distro. I would argue that it makes things more secure since it does not open a persitent session as root. You only have root for as long as you need and no longer. This reduces your vulnerability window. > > I forget what's it called .. "synapsis" or something .. ? but another > one that comes to mind is the GUI front-end to apt .. Wouldn't that need > to run privileged for some of its functionalities (eg. install/remove > software) .. ? > Synaptic. Though, it is hardly required as there are probably a dozen or more front-ends out there which are not graphical. > How's stuff like that supposed to work in a "strict" proof of concept > GUI environment with no *term available -- ie. all you are allowed is > an icon on your desktop and possibly an entry in your gnome/kde menus? > > Sounds like such GUI install/config tools would need to to be able > prompt the user for root's password .. or whatever group password might > be necessary.. > See, I completely disagree here. I don't ever want the GUI installer to prompt me for the root password. I have no idea whether the password is stored securely in memory, or what other nonsense it might try. I'd rather that the program assume I can run it as root. Regards, -Roberto -- Roberto C. Sanchez http://people.connexer.com/~roberto http://www.connexer.com
Attachment:
signature.asc
Description: Digital signature