[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Please, don't let sudo be auto-removable

Hi,

On Thu, Jul 31, 2025 at 08:01:56PM +0200, Jan Claeys wrote:
> On Wed, 2025-07-30 at 19:55 +0100, Darac Marjal wrote:
> > There's an argument that sudo should refuse to uninstall itself (e.g.
> > in a prerm script) if the root user doesn't have a password at all.
> > That would be a neat trick.
> 
> There are many other tools that allow you to run things as root under
> certain conditions (doas, pkexec, runc, ssh, etc.).  There is no way
> sudo's prerm script can check all possible ways (which would also
> include being able to "understand" all possible configurations of each
> tool!).

We have learned in this thread that sudo does already have a check in its
prerm that prevents its removal if the system has a root account with no
password or if root is a locked account.

It seems reasonable to argue that if sudo is already installed then the user
might use it and erring on the side of caution by assuming that there
may not be another way to obtain root privileges is appropriate. Yes
that will occasionally be unnecessary if the user intends to switch to a
sudo alternative. The removal can be forced in that case.

For those not familiar with the dpkg scripts, you can see it at:

    /var/lib/dpkg/info/sudo.prerm

If you strongly disagree that this is reasonable then you're actually
asking for a change in the sudo packaging to remove that check…

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
Reply to: