sudo without password

Adriano Varoli Piazza moranar at gmail.com
Wed Jun 7 09:03:44 UTC 2006


2006/6/7, Michael T. Richter <ttmrichter at gmail.com>:
> On Wed, 2006-07-06 at 02:04 -0400, Scott Kitterman wrote:
> > > > Note that doing this is a very bad idea from a security standpoint....
>
> > > And none of this makes the slightest difference to the well-being of the
> > > single most important stuff on your computer: Your own files.
> > > So.............. a 'very bad idea from a security standpoint'... hardly.
>
> > This is a point that seems to be missed in the UNIX community a lot: the
> > vast majority of computer users no longer run on time-shared, multi-user
> > systems.  "Security" is "me and my files" not "my system because if it
> > goes down hundreds of others are inconvenienced".

Certainly. Networked businesses don't exist anymore, sure. I realize
this is Ubuntu, and it's designed for end users, but that doesn't mean
that security isn't both concepts at once. You can't afford to pretend
that your little bittybox is all alone in the world, because it's not
anymore.

>  If I screw up and compromise my machine and give it over to some
> spammer/phisher/[insert favorite net crime here], then I've hurt the entire
> internet.
>
>  How nicely full of hubris.  "My little laptop will bring down the Internet."

Hyperbole and exaggeration won't help you here. If a worm turns your
PC into a spambot you _are_ hurting the internet, beginning with the
people that share bandwidth with you and ending with me receiving the
spam. Trying to play it down only makes it worse. Do I need to remind
you that we're in this position precisely because people didn't know
or took your approach to security and privacy on the net? As far as I
see, Internet connectivity is going up, not decreasing.

> UNIX was designed long before there was an Internet.  And its security model shows it.
> (Sudo is an afterthought, not the primary model.)  A modern security model would be
> capabilities-based -- you know, two generations of security architecture past what UNIX
> was designed with.

You seem to imply that just because Unix was started 30 years ago, it
hasn't improved. Please, the fact that sudo is there demonstrates the
opposite. And a "capabilities" model is in place, using groups and
permissions adequately. The fact that nobody bothers implementing it
correctly is another thing. And last I saw, try creating a new user
with useradd and see how far you get on Ubuntu.

-- 
Adriano Varoli Piazza
The Inside Out: http://moranar.com.ar
ICQ: 4410132
MSN: moranar at gmail.com




More information about the ubuntu-users mailing list