recovery...@gmail.com wrote:
> Bob Proulx wrote:
> > Sudo has been on HP-UX, SunOS, Solaris, IBM AIX and others for
> > many years.  It isn't anything new.  It is a good worthy tool.
> 
> This is not entirely correct. Sudo is considered third-party software
> in HP-UX (HP merely builds it and doesn't install by default), AIX (not
> provided by IBM and therefore not supported) and Solaris (third-party
> software without any support in versions =< 10). About the only
> exception is Solaris 11 which provides sudo in default install (and it
> is configured the same way as in Ubuntu by default).

It is certainly fair that you would take exception to my words (since
I often do that to others!) but I said "on" those not "distributed by"
them.  ;-)  I didn't say the vendor distributed it.

Most of those systems ship very little by their vendors.  I have used
them for many years and almost all of the software that you will use
on those systems will have been compiled and installed by the local
admin.  IMNHO they are mainly a good solid base upon which you as the
local admin build the working system.  And for me if we are
talking about what we compile locally from source I would need to look
but the list is several hundred packages long!

> Considering that primary usage of sudo is to provide controlled
> privilege escalation to uid=0, using unsupported (therefore - not
> updated unless local sysadmins care about security) sudo on these
> OSes is basically equivalent to giving everyone uid=0.

You left the large "unless local sysadmins care about security" escape
clause there.  But what about if the local admin *does* care about
security?  In that case you can have a system with _better_ security
than that provided by the vendor.

And even in the case of an overworked and somewhat slack admin the
system security with source sudo installed but old is probably about
the same as that provided by the vendor.  Vendors don't update their
software that often and usually not without something pushing them to
do so.

For improved security a system with many eyes upon the code such as
Debian is much better.  Anyone using a traditional legacy Unix system
today is most likely not using it for the security of the system but
for other aspects of it.

Bob
