On Mon, Jun 11, 2001 at 09:10:40AM -0500, Dave Sherohman wrote: :That is a topic of much debate. In general, I fall on the "sudo is evil" :side of the fence, but the basic arguments are:
<snip> :anti-sudo: It allows you to give limited root access to certain users :without requiring that they know the root password. This allows an :attacker to obtain elevated privileges on the machine by discovering :only a user password instead of requiring that they find both a user :password and the root password. obviously I'm on the other side of this most religious debate :) First, I've seen alot of interesting (and just plain dumb too) ways of breaking into Un*x boxen, but never this one. More importantly, if someone gets a local user there's a very high likelyhood they can force root easily from there. My security policy is based on the presumption that any local account equates to root. If I was cracking a box and had a choice beween a local root exploit and using sudo, I'd take the sploit as sudo does logging which I'd then need to go erase. Like wise, if you don't trust a user with full root access, for the love of $DIETY don't give them sudo. I'm sure even if you restricted the commands to /bin/true someone could find a way to root. In practice the people who have sudo also have root and we use sudo mostly to leave an audit trail. -jon
