On 01/20/2009 08:23 PM, Tim Judd wrote: [...] > and I recommend against sudo because it's very design is a > man-in-the-middle type of scenario, and one typo by the sudo devs can > possibly make a mess out of things. > > I think sudo makes a lazy admin -- too easy to just run in and hit > something. > > I think sudo is a false sense of security. If a user trusts another, > and give sudo access, why not give the whole OS to them? > > Sudo's out there -- don't get me wrong, but you won't catch me dead with > a box with sudo installed. I think it's a very misleading tool. And > not to say they do -- but what if the devs put in a keygen...do you > monitor the sudo source code? > > And if I remember correctly -- the way sudo gets it's work done is a > SUID bit to root. Those are the devil's eggs that hatch and just cause > havoc. A rogue CGI calling sudo to do something on the website, buffer > overflow (with php!) and you've gotten rooted. > > No, no -- I hate sudo for it's own doing. It's going to eat itself alive. > > </rant> No flames please.
Have you read through the entire src tree? And the source of every software package you've ever installed? If so, it would be a drop in the bucket to read through sudo as well. I see that you sent your e-mail from a Windows box... P.S. There is a difference between a keygen and a keylogger. -- Benjamin Lee http://www.b1c1l1.com/
Description: OpenPGP digital signature