Re: [Hampshire] Result of the Ubuntu Challenge

Author: Adrian Bridgett
Date:  
To: Hampshire LUG Discussion List
CC: stephen.davies
Subject: Re: [Hampshire] Result of the Ubuntu Challenge
On Sun, May 13, 2007 at 09:07:13 +0100 (+0100), Sean Gibbins wrote:
> Care to explain why you, and, if you don't mind speaking on behalf of
> someone else, your former employer consider sudo so insecure?


I think the Ubuntu way is best for most desktop Linux users. Anyone
using it for a server will no doubt set the root password (hopefully
restricting it to local login only - no ssh).

I'm a sudo fan, I only _ever_ use root directly (as opposed to via
"sudo" or "sudo su") when my user account is broken.

Apart from the fact that it allows me to grant selected privileges to
users, it also means that I don't need to tell people the root
password. This means that when someone leaves, I just remove their
account.

However, I do not use sudo on my firewall. The reason is that sudo
has had security problems in the past. Looking at the Debian changelog:

- clean SHELLOPTS/PS4 - CAN-2005-2959 (Sep 2005)
- race condition in pathname validation (Jun 2005)
- fix environment sanitizing (Nov 2004)
- fix problem with crafty prompts (Apr 2002)

So not _bad_ by any means, but still.

Adrian