[Wolves] More Ubuntu woes...

sparkes sparkes at westmids.biz
Wed Dec 22 21:28:36 GMT 2004


Stuart Langridge wrote:

> 
> If the former, then I'd be very interested to hear why you think that 
> the use of sudo is an insecure thing; I don't believe that it is, and 
> it's in line with security best practice, so if there's something 
> inherently bad about that approach then do please let us know!

It's because once you sudo you run commands as root for the default 10 
mins setting (I think this is default anyway) which is probably a bit 
long.  I use sudo all the while but for one command at a time and think 
the default time out is a potential hole.

If you are incredibly gullible you could be conned into running a silly 
command while sudo is still in effect.  This would make local exploits 
potential root exploits which is why security peeps don't think Ubuntu 
made the best choice.  But the guys working at Canonical are very good 
people who have been making security choices and the default Ubuntu is the 
most secure (normal) distro I have ever used out of the box.

That said I can't tell Tim how to change the default sudo settings or 
how to add root (but you can sudo /usr/bin/bash (I think) to get a root 
shell) because I apt-get dist-upgraded from sid to hoary and did all my 
set up months ago while running Debian.
> 
> If the latter...then you're wrong :) As I said above, using sudo is in 
> line with best practice; logging in as root is, basically, a bad thing, 
> and sudo helps avoid that. That's why sudo exists...

Yup, hence the fact I use sudo all the while and only log in as root to 
fix filesystem errors.  Sudo for everyday admin is 100% the best thing 
to do.  The benefits far, far outweigh the problems.

> 
> Aq.
> 
> 

sparkes
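
The cached-credential window discussed in this message is controlled by the sudoers option `timestamp_timeout` (minutes; 0 prompts for every command, a negative value keeps the credential until reboot). The following audit sketch is an added example, not part of the original post: the sample sudoers text and the one-minute policy threshold are constructed assumptions, and comment stripping is simplified.

```python
import re

# "Defaults" plus an optional scope such as ":user", "@host", ">runas" or "!cmnd".
DEFAULTS_RE = re.compile(r'^Defaults(?:([:@>!])\s*(\S+))?\s+(.*)$')
TIMEOUT_RE = re.compile(r'\btimestamp_timeout\s*=\s*"?(-?\d+(?:\.\d+)?)"?')

def timestamp_timeouts(sudoers_text):
    """Return [(scope, minutes)] for every timestamp_timeout in the text."""
    joined = re.sub(r'\\\n', ' ', sudoers_text)   # fold continuation lines
    found = []
    for raw in joined.splitlines():
        line = raw.split('#', 1)[0].strip()       # simplification: drop comments
        m = DEFAULTS_RE.match(line)
        t = TIMEOUT_RE.search(m.group(3)) if m else None
        if t:
            scope = m.group(1) + m.group(2) if m.group(1) else 'global'
            found.append((scope, float(t.group(1))))
    return found

def review(sudoers_text, max_minutes=1.0):
    """Classify each setting; max_minutes is an assumed local policy value."""
    settings = timestamp_timeouts(sudoers_text)
    report = []
    if not any(scope == 'global' for scope, _ in settings):
        report.append(('global', None, 'not set: compiled-in default applies'))
    for scope, minutes in settings:
        if minutes < 0:
            verdict = 'does not expire until reboot'
        elif minutes == 0:
            verdict = 'password required for every command'
        elif minutes > max_minutes:
            verdict = 'window longer than policy'
        else:
            verdict = 'within policy'
        report.append((scope, minutes, verdict))
    return report

# Constructed sample sudoers content (not taken from any real system).
SAMPLE = r"""# sample for the audit
Defaults env_reset, \
    timestamp_timeout=10
Defaults:backup timestamp_timeout=-1
Defaults:alice !lecture, timestamp_timeout=0
# Defaults timestamp_timeout=0
%admin ALL=(ALL) ALL
"""

if __name__ == '__main__':
    for scope, minutes, verdict in review(SAMPLE):
        print(f'{scope:10} {minutes!s:6} {verdict}')
```

Independently of the configured value, `sudo -k` invalidates the cached credential immediately; changes to sudoers should go through `visudo`.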


