Re: FW: Adding OpenBSD sudo to the FreeBSD base system?
--IbVRjBtIbJdbeK1C
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On 2005.07.21 12:36:16 -0400, asym wrote:
> Personally, I would like to see sudo not only in the base system, but in
> the base system with a default configuration that mimics su(1) and thus
> replaces it entirely. The only difference is which password you need to
> provide. After a period for migration (or perhaps just in 6.x and noted =
in
> the release notes), su could become just a symlink to sudo.
Personally I would object to that. I use sudo, so I have nothing
against it (except it's default config), but the main reason the above
suggestion with replacing sudo with su is a bad idea:
[simon@zaphod:sudo-1.6.8p9] cat *.c | wc -l
16357
[simon@zaphod:sudo-1.6.8p9] wc -l /usr/src/usr.bin/su/*.c
572 /usr/src/usr.bin/su/su.c
For systems that has use for sudo the increased complexity of a setuid
root program can be accepted, but I see no reason to subjecting every
other system to the same increased risk without any benefit.
And for this argument, sudo's security record is also much more
important (compared to just importing it where it can be disabled).
In case people want to see what I'm talking about, go to
http://www.vuxml.org/freebsd/pkg-sudo.html .
(In case anyone should be in doubt; this mail is about su -> sudo, not
the general idea of importing sudo, I have commented on that).
--=20
Simon L. Nielsen
--IbVRjBtIbJdbeK1C
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)
iD8DBQFC3/NPh9pcDSc1mlERAr7mAKCzxz0ou4dZOcmgpzHCvQQiyj0X8wCgq7k9
Rc5UP55+Ahq6j32+3gRjYzU=
=sWbk
-----END PGP SIGNATURE-----
--IbVRjBtIbJdbeK1C--
討論串 (同標題文章)
完整討論串 (本文為第 4 之 12 篇):