[Bug 258636] [change request] ports-mgmt/porttools: Make sudo optional

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 20 Sep 2021 18:11:31 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258636

            Bug ID: 258636
           Summary: [change request] ports-mgmt/porttools: Make sudo
                    optional
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: skreuzer@FreeBSD.org
          Reporter: jwb@freebsd.org
             Flags: maintainer-feedback?(skreuzer@FreeBSD.org)
          Assignee: skreuzer@FreeBSD.org

Might you consider not having sudo as an unconditional dependency?

As you're probably aware, sudo has had some serious security holes, including
one that permitted root access to any user on a system where sudo was
installed.

https://www.sudo.ws/security.html

Temporary root access for individual commands can also be provided using

su -m root -c 'command args'

I imagine some people may prefer to use sudo despite the risks, so the main
thing is simply allowing porttools to be used without having sudo installed if
one so chooses.

That could be as simple as dropping the sudo dependency and issuing an error
message when it's needed and not installed.  Those who want to use sudo with
port commands can easily install it separately.

-- 
You are receiving this mail because:
You are the assignee for the bug.