FW: Adding OpenBSD sudo to the FreeBSD base system?
markzero
mark at darklogik.org
Fri Jul 22 05:05:56 GMT 2005
On Fri, Jul 22, 2005 at 12:28:41AM -0400, asym wrote:
> At 23:07 7/21/2005, markzero wrote:
> >On Thu, Jul 21, 2005 at 10:23:56PM -0400, ender wrote:
> >> Stephen Major wrote:
> >>
> >> If sudo offered the opportunity for more features, but by default
> >> behaved exactly the same way as su, I would see no disadvantages to
> >> replacing su with sudo. Am i missing something?
> >
> >What happens if you maintain systems that don't need sudo?
>
> You don't use the additional features. That was a hard one. Next?
Don't patronise me. This is supposed to be a mailing list discussing
security, not a childish pissing contest.
It is a valid concern when a tiny, well tested SUID binary is to be
replaced with one almost seven times its size:
$ wc -l /usr/src/usr.bin/su/su.c
572 /usr/src/usr.bin/su/su.c
By comparison:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/sudo/
$ du -h `which sudo`
98K /usr/local/bin/sudo
$ du -h `which su`
14K /usr/bin/su
I am not opposed to having sudo in the base system, I am however opposed
to it replacing su. I use sudo on about a third of my systems, on those
that I don't, I would no longer have the option to remove it unless I
wanted a crippled, su-less system. If sudo does not replace su, those
that don't use it can remove it. Those that use it - good, less work for
them. Everybody is happy.
M
--
pgp: http://www.darklogik.org/pub/pgp/pgp.txt
B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F DEFF 9dD1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 825 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20050722/d6853d6b/attachment-0001.bin
More information about the freebsd-security
mailing list