Reco <recovery...@gmail.com> writes:
> Tom H <tomh0...@gmail.com> wrote:
>> On Fri, Oct 25, 2013 at 9:16 PM, Reco <recovery...@gmail.com> wrote:
>> >>> Considering that primary usage of sudo is to provide controlled
>> >>> privilege escalation to uid=0, using unsupported (therefore - not
>> >>> updated unless local sysadmins care about security) sudo on these OSes
>> >>> is basically equivalent to giving everyone uid=0.
>> >>
>> >> Somewhat exaggerated :)
>> >
>> > No offense meant, but probably you're living in a some kind of IT
>> > paradise ;) 'Nobody does no evil, nobody does any mistakes' kind of
>> > paradise.
>>
>> Not updating/patching sudo isn't equivalent to giving everyone root
>> access! It's a BIG leap!
>
> True, you need to add to the picture that curious user who just read on
> Bugtraq or Full Disclosure about fresh vulnerability in sudo. Or that
> disgruntled user who needs /etc/system changed right here and now. Or
> that developer who needs to do this 'small change, nobody will notice'
> on a production server.
> And if you don't have such people there - good for you, as here we can
> always find such person here.

You also have to add to the picture such a vulnerability, and I haven't
noticed any.