Package: sudo
Version: 1.9.15p4-2
Severity: important

Dear Team,

it has recently come to my attention that the sudo package contains
sudo_logsrvd, a daemon which can collect event and "I/O logs" from sudo.
Judging from the SECURITY NOTES in sudo(8), this means logging the
complete input and output of a command invoked via sudo.

In #1059896, Tolimar suggests adding OpenSSL support so that the
input/output is not sent unencrypted over the network. The more I think
about this the more we need to do. At the current state, the package
doesn't conform to what I expect of a Debian package.

Should we:

(1)
remove sudo_logsrvd from the package with no replacement?

(2)
move sudo_logsrvd to its own package with proper systemd unit etc bla
foo

(3)
continue shipping an unconfigured daemon without execution
infrastructure even to clients that will never run it

and (orthogonal to the upper options)

(a)
continue to ship things without OpenSSL

(b)
enable OpenSSL, pulling in an additional dependency also for sudo

That leaves us the choice (1), (2a), (2b), (3a), (3b)

I currently don't see myself in a position to provide proper support for
Options (2b) and (3b), and while (2a) is considerably easier it's
probably beyond my current personal limits as well. So, if things are
going to continue that I am the one doing the bulk of the work, we're
probably stuck with (1) or (2a).

An independent solution would be to continue shipping sudo.deb in a
minimal configuration, and having a new sudo-extended.deb that can
support plugins, SSL, bells and whistles, but just with supported sudo
=> sudo-extended migration path and explicitly not providing a migration
path back from sudo-extended to plain sudo. But all this can only be
done after sudo-ldap is gone as this is a horrible mess to package that
we NEED to get rid of.

I'd like to hear your comments.

Greetings
Marc
