On 1/29/21 7:34 AM, Peter Ehlert wrote: > I don't use sudo > > The systems I use and the systems I setup for others never have sudo users setup ... unneeded. > > > Should I delete the sudo package? Would that cause some internal conflicts? > they all have Debian Mate desktops... if that makes any difference, I think not. > As a general rule, if there are no depends or recommends (or suggests) on a package, you should be safe to remove a package you don't directly call. (If not, it's a bug.). You can easily view this with aptitude: 0. Install aptitude and open it up. 1. Find the package: type /^sudo$ <return> 2. Hit return again to bring up details of the selected package 3. Use the down arrow key to go to "packages which depend on sudo" 4. Hit enter to open up the list of packages. 5. Browse the list to see which packages may be affected. But, more specifically to your question about sudo, let me argue that, at the level of paranoia required to be worried about sudo, you should also be worried about a LOT of other packages. For instance, if you are worried about the "opaque" ACLs used in sudoers*, I encourage you to look in /etc/dbus-1/system.d . I think there are other places where these kinds of files live, but I haven't yet gotten around to understanding how to easily audit these settings. Similarly, the logic associated with authentication (and message passing) could easily be more susceptible to buffer overflows than sudo. But yeah, generically, if you really do not use a piece of software, it's safer not to have it installed. Antonio
Attachment:
OpenPGP_0xB01C53D5DED4A4EE.asc
Description: application/pgp-keys
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature