On Fri, Jan 29, 2021 at 08:12:20AM -0700, Antonio Russo wrote: [...] > But, more specifically to your question about sudo, let me argue that, at the > level of paranoia required to be worried about sudo, you should also be > worried about a LOT of other packages [...] I do appreciate and use sudo -- for me it reduces embarrasing fat-finger mistakes significantly. But it's not everyone cup of tea, and to be fair, there's one current privilege escalation vulnerability [1] around. It seems easily fixable (Debian has a fixed version out, if you do use sudo, check with [2]). So if you aren't using <foo>, it's wise to not install <foo>. Complexity kills :-) Cheers [1] https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit [2] https://security-tracker.debian.org/tracker/CVE-2021-3156 - t
Attachment:
signature.asc
Description: Digital signature