Edit user groups

Benjamin Lee ben at b1c1l1.com
Wed Jan 21 02:33:35 PST 2009


On 01/20/2009 08:23 PM, Tim Judd wrote:
[...]
> and I recommend against sudo because its very design is a
> man-in-the-middle type of scenario, and one typo by the sudo devs can
> possibly make a mess out of things.
> 
> I think sudo makes a lazy admin -- too easy to just run in and hit
> something.
> 
> I think sudo is a false sense of security.  If a user trusts another,
> and gives sudo access, why not give the whole OS to them?
> 
> Sudo's out there -- don't get me wrong, but you won't catch me dead with
> a box with sudo installed.  I think it's a very misleading tool.  And
> not to say they do -- but what if the devs put in a keygen...do you
> monitor the sudo source code?
> 
> And if I remember correctly -- the way sudo gets its work done is a
> SUID bit to root.  Those are the devil's eggs that hatch and just cause
> havoc.  A rogue CGI calling sudo to do something on the website, buffer
> overflow (with php!) and you've gotten rooted.
> 
> No, no -- I hate sudo for its own doing.  It's going to eat itself alive.
> 
> </rant>  No flames please.

Have you read through the entire src tree?  And the source of every
software package you've ever installed?  If so, it would be a drop in
the bucket to read through sudo as well.

I see that you sent your e-mail from a Windows box...

P.S. There is a difference between a keygen and a keylogger.


-- 
Benjamin Lee
http://www.b1c1l1.com/

More information about the freebsd-questions mailing list