Re: sudo and UNIXes (was: audacity export wma format[1 more question])

To: debian-user@lists.debian.org
Subject: Re: sudo and UNIXes (was: audacity export wma format[1 more question])
From: Reco <recoverym4n@gmail.com>
Date: Sun, 27 Oct 2013 11:31:50 +0400
Message-id: <[🔎] 20131027113150.5d165f99e540507a9892132f@gmail.com>
In-reply-to: <[🔎] CAOdo=SyowAJfhFf+4y-m52cew4OdCYHOG894yufXtGBnYXK3LA@mail.gmail.com>
References: <[🔎] 5267904A.8060709@mi.parisdescartes.fr> <[🔎] 526847A0.3020507@mi.parisdescartes.fr> <[🔎] CA+3U2gYoLoTrX0=vtn8fhzUdujNHhsLev=kxpsdfe43zQ7NxtQ@mail.gmail.com> <[🔎] 5268D1E2.4010700@gmail.com> <5268E69D.8080709@mi.parisdescartes.fr> <[🔎] 5268EBD4.4020400@gmail.com> <[🔎] 1382614959.670.2.camel@archlinux> <[🔎] 20131025012648.GA28581@hysteria.proulx.com> <[🔎] 5269D17C.6090504@optonline.net> <[🔎] 20131025183155.GB9627@hysteria.proulx.com> <[🔎] 20131025234110.478c8065ddd992139a38bc3e@gmail.com> <[🔎] CAOdo=SyHvrF=gPje83ryhjf+iyrLc6AqMTdHbJbJtfDFoWttBg@mail.gmail.com> <[🔎] 20131026011611.f2a1e103756681a7d0e858e0@gmail.com> <[🔎] CAOdo=SyowAJfhFf+4y-m52cew4OdCYHOG894yufXtGBnYXK3LA@mail.gmail.com>

 Hi.

On Sat, 26 Oct 2013 21:50:23 +0000
Tom H <tomh0665@gmail.com> wrote:

> On Fri, Oct 25, 2013 at 9:16 PM, Reco <recoverym4n@gmail.com> wrote:
> 
> 
> > Yes, but pfexec is not sudo. And privilege-aware Solaris shells are
> > definitely not sudo too.
> 
> It might not be sudo but it's the same principle of privilege escalation.
> 
> sudo's simpler to set up so I've yet to work at any Solaris shop where
> it hasn't been installed (it's not necessarily used though; I
> moonlight at two companies where telnetting as root is the norm...).

I agree that sudo is simpler to setup. I disagree that sudo is
installed everywhere where Solaris is.
Because - it's third-party software. And people don't like to install
third-party software ('vendor didn't included it - we don't use it').
As for telnet as a root - the very setup of Solaris (before 10u4 iirc),
pushed one to do exactly this (ssh required manual generation of host
keys, telnet was already there and worked, root is the only working
user after install).

> >>> Considering that primary usage of sudo is to provide controlled
> >>> privilege escalation to uid=0, using unsupported (therefore - not
> >>> updated unless local sysadmins care about security) sudo on these OSes
> >>> is basically equivalent to giving everyone uid=0.
> >>
> >> Somewhat exaggerated :)
> >
> > No offense meant, but probably you're living in a some kind of IT
> > paradise ;) 'Nobody does no evil, nobody does any mistakes' kind of
> > paradise.
> 
> Not updating/patching sudo isn't equivalent to giving everyone root
> access! It's a BIG leap!

True, you need to add to the picture that curious user who just read on
Bugtraq or Full Disclosure about fresh vulnerability in sudo. Or that
disgruntled user who needs /etc/system changed right here and now. Or
that developer who needs to do this 'small change, nobody will notice'
on a production server.
And if you don't have such people there - good for you, as here we can
always find such person here.

Reco

Reply to:

Follow-Ups:
- Re: sudo and UNIXes
  - From: Joe Pfeiffer <pfeiffer@cs.nmsu.edu>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Tom H <tomh0665@gmail.com>

References:
- audacity export wma format
  - From: François Patte <francois.patte@mi.parisdescartes.fr>
- Re: audacity export wma format[1 more question]
  - From: François Patte <francois.patte@mi.parisdescartes.fr>
- Re: audacity export wma format[1 more question]
  - From: Δημήτρης Παπαδάκης <elppdppd@gmail.com>
- Re: audacity export wma format[1 more question]
  - From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
- Re: audacity export wma format[1 more question]
  - From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
- Re: audacity export wma format[1 more question]
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- Re: audacity export wma format[1 more question]
  - From: Bob Proulx <bob@proulx.com>
- Re: audacity export wma format[1 more question]
  - From: Doug <dmcgarrett@optonline.net>
- Re: audacity export wma format[1 more question]
  - From: Bob Proulx <bob@proulx.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: recoverym4n@gmail.com
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Tom H <tomh0665@gmail.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Reco <recoverym4n@gmail.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Tom H <tomh0665@gmail.com>

Prev by Date: Re: sysctl.conf
Next by Date: Re: sysctl.conf
Previous by thread: Re: sudo and UNIXes (was: audacity export wma format[1 more question])
Next by thread: Re: sudo and UNIXes
Index(es):
- Date
- Thread