sudo security concerns?
hegbloom at pdx.edu
Fri Nov 26 15:47:32 CST 2004
On Fri, 2004-11-26 at 13:37 -0800, Lloyd D Budd wrote:
> > At the very least, this issue should be documented in the manuals. Warn
> > users not to do that. Explain the possibility, tell them not to do
> > that.
> Which manual? I do not think anyone is working on "that" manual yet
> -- though how is it different from detailed information on sudo.
> Please do not put it in the general user's guide as it is distracting
> and extraneous for most people.
The systems administration manual, I suppose. UID 1000 needs to know,
certainly. Other users (family members? student computing lab users?)
won't be given full sudo access anyhow, most likely, so their accounts
won't be as vulnerable.
> > This situation with Sudo looks to me like a relatively easy
> > target to hit...
> Easy to you who has made it clear that you do not know much about sudo?!
Perhaps true. I should research the issue further indeed, including
reading the source to 'sudo' itself. I wish I had more time... I need
to get ready for final exams... But I can put in 1 hour a day on this.
> If you want a locked down Linux choose a distro that specializes in
> that, but the current available distributions are not "accessible" to
> many people.
> Everything is a balancing act between many factors including security
> and usability. I am sure everyone would be excited by you designing
> solutions that balance the security and usability concerns as well as
> considering the huge number of other factors.
The main thing is that we don't want 'outbreak express' and the whole
anti-virus FUD racket preying on the users of the Linux platform. We
want to be virus proof and spy-ware proof from the get-go. We want our
platform to be part of the solution, not part of the problem.
Improved security IS improved usability.
(o_ mailto:hegbloom at pdx.edu
//\ jabber:karlheg at jabber.org