Sudo even more secure

Darren L xlr8me at gmail.com
Wed Mar 22 17:20:24 GMT 2006 

There was a mention on slashdot a couple days ago talking about how "sudo
-s" doesn't get logged at all and provides you with a nice root shell on
OSX.

Anyone here able to take a few minutes and check how this functions under
ubuntu?



On 3/22/06, John Richard Moser <nigelenki at comcast.net> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Jan Claeys wrote:
> > Op wo, 22-03-2006 te 01:38 -0500, schreef John Richard Moser:
> >> Similarly, the synaptic-apt-dpkg stack could be modified to take
> >> --jradmin to mean that ONLY signed packages could be used; ONLY the
> >> repositories given can supply packages; repositories CANNOT be
> >> modified; and the GPG keys CANNOT be changed.  This would allow for
> >> software installation and removal without opening a hole re 'dpkg -i
> >> baseutils_upgrade_with_rootkit.deb'.
> >
> > This reminds me about something I have been thinking about for some time
> > now: I think (something like) apt & dpkg doesn't/shouldn't really *need*
> > root privileges, except for some limited number of system packages?
> >
>
> You definitely want root access on package management.  Otherwise users
> can remove other users' packages; install trojans and viruses; etc.
>
> >
>
> - --
> All content of all messages exchanged herein are left in the
> Public Domain, unless otherwise explicitly stated.
>
>     Creative brains are a valuable, limited resource. They shouldn't be
>     wasted on re-inventing the wheel when there are so many fascinating
>     new problems waiting out there.
>                                                  -- Eric Steven Raymond
>
>     We will enslave their women, eat their children and rape their
>     cattle!
>                                      -- Evil alien overlord from Blasto
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iQIVAwUBRCGEgAs1xW0HCTEFAQKpuQ/+I/IbhY0YUgg6g6ywX/TWJsJKy0X+AzMO
> dW4D05qcCbAIUlqwze6xTTIWeabkvqCcpDoGgHrrap/rp7RRZH4U1cobvY4cABit
> +6yV9/GnRb5dbupNiPJxHwnuXh1VLVLyjJb86phUx8bTsVoUfOv/N/iNY2QN7gfU
> Y4dvvmmzepj4G+d2B97HjkkTrEJawmfjRbG8a/8UiT5oB1nqqs0gaS23M3NFhsIA
> J+lCLv/qG9h2bnMR1tzYUeEHZa56TOgCcBDRskkpFamaYEVwc+kP0MgOPPY8BrLZ
> iYWe9jqLn+uUAD2zUk/+ZbUx0V0ZuNJ2P2rGU6VpNHlYjyTJuyweZmDjhkFLBIKR
> LxHvw1eRwRanFdTiACUuAo2ZiU/ewQ/332SV2kEA9c1aAj/GpPdm1WfDlG+0N7kU
> EayA48FHOSqXnhL9KV+NFIHFwks5bJSfksBAiiYaTM1Xy7s4iKTzdq32soMCe861
> uf4a0pZFw5OWtEf5f2C1TdV2QGz8eV5YPix4kwghgGdAjTMT0MH8NYFZP1/8klNb
> Fc+EQ3PTGmnpLgCvml+17vcpwkh5mZbjmmRRXiHoOgFR0iW4GNPVu0gpEgBTHmwo
> /dfSI63dtOc6wq6LC04ioz8Cx+WUxNLXzdzuQJV/SRZzZZbb3SYsn2Tw9Q2yg1MF
> nHkRMhbTqDk=
> =Trrs
> -----END PGP SIGNATURE-----
>
> --
> ubuntu-devel mailing list
> ubuntu-devel at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20060322/8e2b21a7/attachment-0001.htm

More information about the ubuntu-devel mailing list