Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"

gpsd-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"

From:	Bernd Zeimetz
Subject:	Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"
Date:	Sat, 16 Jan 2021 21:10:43 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0

On 1/15/21 8:42 PM, Gary E. Miller wrote:

>> ... _presented unsubstantiated_ as it is,
> 
> Google is your friend.  Pay particular attention to UNIX rootkits.

oh my.
If I'd want to give you a rootkit, the first thing it would do is to put
a new su command into you path.
Saying that su is more secure than sudo is just silly.

>> Yeah, basically--but more specifically: fail early, fail loudly,
>> and fail benignly, i.e. fail out _before_ / _instead of_ doing
>> whatever damage you're concerned might result from `running normally
>> but with sudo'.

For me the question is: why does it fail at all. Looking trough the code
I didn't find a reason why it should fail.

-- 
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

[Prev in Thread]

Current Thread

[Next in Thread]

Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration", (continued)

Prev by Date: Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"
Next by Date: Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"
Previous by thread: Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"
Next by thread: Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"
Index(es):
- Date
- Thread