FW: Adding OpenBSD sudo to the FreeBSD base system?

Simon L. Nielsen simon at FreeBSD.org
Thu Jul 21 19:11:13 GMT 2005


On 2005.07.21 12:36:16 -0400, asym wrote:
> Personally, I would like to see sudo not only in the base system, but in
> the base system with a default configuration that mimics su(1) and thus
> replaces it entirely.  The only difference is which password you need to
> provide.  After a period for migration (or perhaps just in 6.x and noted in
> the release notes), su could become just a symlink to sudo.

Personally I would object to that.  I use sudo, so I have nothing
against it (except its default config), but the main reason the above
suggestion with replacing sudo with su is a bad idea:

[simon at zaphod:sudo-1.6.8p9] cat *.c | wc -l
   16357
[simon at zaphod:sudo-1.6.8p9] wc -l /usr/src/usr.bin/su/*.c
     572 /usr/src/usr.bin/su/su.c

For systems that have use for sudo the increased complexity of a setuid
root program can be accepted, but I see no reason to subject every
other system to the same increased risk without any benefit.

And for this argument, sudo's security record is also much more
important (compared to just importing it where it can be disabled).
In case people want to see what I'm talking about, go to
http://www.vuxml.org/freebsd/pkg-sudo.html .

(In case anyone should be in doubt; this mail is about su -> sudo, not
the general idea of importing sudo, I have commented on that).

-- 
Simon L. Nielsen