gpsd-dev

Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"


From: Gary E. Miller
Subject: Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"
Date: Sat, 16 Jan 2021 12:16:06 -0800

Yo Bernd!

On Sat, 16 Jan 2021 21:10:43 +0100
Bernd Zeimetz <bernd@bzed.de> wrote:

> On 1/15/21 8:42 PM, Gary E. Miller wrote:
> 
> >> ... _presented unsubstantiated_ as it is,  
> > 
> > Google is your friend.  Pay particular attention to UNIX rootkits.  
> 
> oh my.
> If I'd want to give you a rootkit, the first thing it would do is to
> put a new su command into your path.

Same applies for a new sudo.

The trick is, I can hack you with sudo without putting anything in your
path.

> Saying that su is more secure than sudo is just silly.

Not requiring passwords for root is silly.  Letting any old phishing
app hook you.

> >> Yeah, basically--but more specifically: fail early, fail loudly,
> >> and fail benignly, i.e. fail out _before_ / _instead of_ doing
> >> whatever damage you're concerned might result from `running
> >> normally but with sudo'.  
> 
> For me the question is: why does it fail at all. Looking through the
> code I didn't find a reason why it should fail.

As I expected, you don't understand how sudo works then.

Trying the examples, with sudo, will teach you something.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        gem@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin
