[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sudo ... use or delete?

On 1/29/21 7:34 AM, Peter Ehlert wrote:
> I don't use sudo
> The systems I use and the systems I setup for others never have sudo users setup ... unneeded.
> Should I delete the sudo package? Would that cause some internal conflicts?
> they all have Debian Mate desktops... if that makes any difference, I think not.

As a general rule, if there are no depends or recommends (or suggests) on a
package, you should be safe to remove a package you don't directly call. 
(If not, it's a bug.).

You can easily view this with aptitude:

0. Install aptitude and open it up.
1. Find the package: type /^sudo$ <return>
2. Hit return again to bring up details of the selected package
3. Use the down arrow key to go to "packages which depend on sudo"
4. Hit enter to open up the list of packages.
5. Browse the list to see which packages may be affected.

But, more specifically to your question about sudo, let me argue that, at the
level of paranoia required to be worried about sudo, you should also be
worried about a LOT of other packages.  For instance, if you are worried about
the "opaque" ACLs used in sudoers*, I encourage you to look in
/etc/dbus-1/system.d .  I think there are other places where these kinds of
files live, but I haven't yet gotten around to understanding how to easily
audit these settings.

Similarly, the logic associated with authentication (and message passing)
could easily be more susceptible to buffer overflows than sudo.

But yeah, generically, if you really do not use a piece of software, it's
safer not to have it installed.



Attachment: OpenPGP_0xB01C53D5DED4A4EE.asc
Description: application/pgp-keys

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to: