On Fri, Oct 25, 2013 at 9:16 PM, Reco <recovery...@gmail.com> wrote: > On Fri, 25 Oct 2013 20:28:57 +0000 > Tom H <tomh0...@gmail.com> wrote: >> On Fri, Oct 25, 2013 at 7:41 PM, <recovery...@gmail.com> wrote: >>> On Fri, 25 Oct 2013 12:31:55 -0600 >>> Bob Proulx <b...@proulx.com> wrote:
>>>> Sudo has been on >>>> HP-UX, SunOS, Solaris, IBM AIX and others for many years. It isn't >>>> anything new. It is a good worthy tool. >>> >>> This is not entirely correct. Sudo is considered third-party software >>> in HP-UX (HP merely builds it and doesn't install by default), AIX (not >>> provided by IBM and therefore not supported) and Solaris (third-party >>> software without any support in versions =< 10). About the only >>> exception is Solaris 11 which provides sudo in default install (and it >>> is configured the same way as in Ubuntu by default). >> >> Solaris has had pfexec since Solaris 8. > > Yes, but pfexec is not sudo. And privilege-aware Solaris shells are > definitely not sudo too. It might not be sudo but it's the same principle of privilege escalation. sudo's simpler to set up so I've yet to work at any Solaris shop where it hasn't been installed (it's not necessarily used though; I moonlight at two companies where telnetting as root is the norm...). >>> Considering that primary usage of sudo is to provide controlled >>> privilege escalation to uid=0, using unsupported (therefore - not >>> updated unless local sysadmins care about security) sudo on these OSes >>> is basically equivalent to giving everyone uid=0. >> >> Somewhat exaggerated :) > > No offense meant, but probably you're living in a some kind of IT > paradise ;) 'Nobody does no evil, nobody does any mistakes' kind of > paradise. Not updating/patching sudo isn't equivalent to giving everyone root access! It's a BIG leap! -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAOdo=syowajfhff+4y-m52cew4odcyhog894yufxtgbnyxk...@mail.gmail.com
