[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sudo ... use or delete?

On Fri, Jan 29, 2021 at 08:12:20AM -0700, Antonio Russo wrote:


> But, more specifically to your question about sudo, let me argue that, at the
> level of paranoia required to be worried about sudo, you should also be
> worried about a LOT of other packages [...]

I do appreciate and use sudo -- for me it reduces embarrasing
fat-finger mistakes significantly.

But it's not everyone cup of tea, and to be fair, there's one
current privilege escalation vulnerability [1] around. It seems
easily fixable (Debian has a fixed version out, if you do use
sudo, check with [2]).

So if you aren't using <foo>, it's wise to not install <foo>.
Complexity kills :-)


[1] https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
[2] https://security-tracker.debian.org/tracker/CVE-2021-3156
 - t

Attachment: signature.asc
Description: Digital signature

Reply to: