On Fri, 31 Oct 2003 at 00:14 GMT, Johannes Zarl penned: > > --Boundary-02=_nlao/nYI2HXprUI > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > Content-Description: signed data > Content-Disposition: inline > >> >>=3D20 People keep talking about sudo like it's the cat's meow, and maybe >> >>for a single-user system it is. But sudo documentation very >> >>explicitly warns that, if you're not careful about what you allow, you >> >>could accidentally allow access to far more than you expected. >> > >> >=3D2E..it seems like a good idea on a single-user machine to allow sudo >> >dpkg -i... sudo dpkg -i make_bash_setuid_root.deb >> >> I'm a bit confused ... you snipped out the part where I said that it's >> probably fine for a single-user machine, then added your own comment to >> that effect, and instructions for installing it ... >> >> For the record, I have it installed. But I still think that espousing >> sudo as a panacea, without encouraging people to read the documentation >> and understand the potential pitfalls, is not the right thing to do. > > I think you got Colin wrong there (Colin please correct me if *I* got you=20 > wrong:) . Colin just gave an example how easy it is to exploit the=20 > sudo-privilege for using dpkg.
Ah, shoot, you're right. I totally glossed over the sudo example he suggested. I blame work; it totally gets in the way of concentrating on important stuff, like debian-user. Sowwy! Btw, does Colin = Pigeon? I'm confused on that count as well =P -- monique PLEASE don't CC me. Please. Pretty please with sugar on top. Whatever it takes, just don't CC me! I'm already subscribed!! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
