Reco <[email protected]> writes:
> Tom H <[email protected]> wrote:
>> On Fri, Oct 25, 2013 at 9:16 PM, Reco <[email protected]> wrote:
>> >>> Considering that primary usage of sudo is to provide controlled
>> >>> privilege escalation to uid=0, using unsupported (therefore - not
>> >>> updated unless local sysadmins care about security) sudo on these OSes
>> >>> is basically equivalent to giving everyone uid=0.
>> >>
>> >> Somewhat exaggerated :)
>> >
>> > No offense meant, but probably you're living in some kind of IT
>> > paradise ;) 'Nobody does no evil, nobody does any mistakes' kind of
>> > paradise.
>>
>> Not updating/patching sudo isn't equivalent to giving everyone root
>> access! It's a BIG leap!
>
> True, you need to add to the picture that curious user who just read on
> Bugtraq or Full Disclosure about a fresh vulnerability in sudo. Or that
> disgruntled user who needs /etc/system changed right here and now. Or
> that developer who needs to do this 'small change, nobody will notice'
> on a production server.
> And if you don't have such people there - good for you, as here we can
> always find such a person here.

You also have to add to the picture such a vulnerability, and I haven't noticed any.

