Misconfiguration of sudo is insecure (Was: Sudo even more secure)

Matthew East mdke at ubuntu.com
Sat Mar 25 10:44:45 GMT 2006


On Fri, 2006-03-24 at 20:50 +0000, Paul Sladen wrote:
> On Thu, 23 Mar 2006, Yuki Cuss wrote:
> > Please try `sudo -i'. You may find it is a more secure option.
> 
> No.  NO.  Please, no.
> 
> Now you have a shell open where *every* command you type is running with
> unchecked priviliges and it the commands _aren't being logged_.

I don't understand the problem with this. Two senior Ubuntu developers
have recommended the use of this flag with sudo for getting a root
terminal. Can somebody clear this up, because as far as I know 'sudo -i'
is a perfectly safe option and can be recommended in the documentation. 

Matt
-- 
mdke at ubuntu.com
gnupg pub 1024D/0E6B06FF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20060325/b77af1ea/attachment.pgp


More information about the ubuntu-devel mailing list