FW: Adding OpenBSD sudo to the FreeBSD base system?

From: Stephen Major (smajor_at_gmail.com)
Date: 07/21/05

    To: <freebsd-security@freebsd.org>
    Date: Thu, 21 Jul 2005 10:13:41 -0700
    
    

    I really do not agree with adding it to the base system.

    Just because you guys use sudo does not mean other people do.
    In fact many people do not have a use for sudo at all.
    Not everyone gives out root accounts. You are only adding another utility
    in that can possibly be used to escalate privileges.
    Every time I secure a system I spend some time removing files that are never
    needed and would not want people to access. So you are saying I would have
    to add another one to the list?

    Su works just fine for 60% of the people out there! Leave sudo in the ports.

    You do not see a bunch of people asking to make apache part of the base
    system. Really there is no difference in what you are asking. Just another
    program that is not going to get used by everyone.

    -----Original Message-----
    From: owner-freebsd-security@freebsd.org
    [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Xin LI
    Sent: Thursday, July 21, 2005 8:53 AM
    To: piechota@argolis.org
    Cc: freebsd-security@freebsd.org; Dima Dorfman
    Subject: Re: Adding OpenBSD sudo to the FreeBSD base system?

    * PGP Signed by an unknown key: 07/21/05 at 08:52:41
    On Thu, Jul 21, 2005 at 10:23:33AM -0500, piechota@argolis.org wrote:
    > > FWIW, I don't see any reason to include sudo in the base system. It's
    > > something that I install on every computer, but I don't mind building
    > > the port or installing it from a package. Unlike some of the other
    > > things I usually want on every system (e.g., emacs), it's small and
    > > doesn't have any dependencies, so it's not a problem to install it as
    > > soon as the system is online. That said, I wouldn't object to having
    > > it in the base, either.
    >
    > I see two reasons for a "nay" vote: If we put everything a group of people
    > find useful in the base system, we're going to end up with something like
    > Redhat, where there's tons of software that rarely gets used. Secondly,
    > some 'customers' have a very dim view of sudo (mostly for bad reasons, but
    > they ban it anyways).

    My reasons for why not to have sudo(1) in our base is that:
      - It is actively maintained and generally speaking it won't be hard to
        build/install from ports collection.
      - It provides another way of utilizing privileges, and needs careful
        configuration.
      - We do not have a killer application to ease maintenance of the
        configuration (yet).

    The reasons why it can be in our base is that:
      + It is cool because fine grained access to the privilege is possible,
        and it is the tool that I will want to install on every box.
      + It's BSD licensed

    So my position would be neutral. Personally I would prefer the following
    scheme:

      o FreeBSD Base System is what we "must have" in a basic Unix system,
        including ls, cat, libc, your kernel, etc.
      o A set of pre-built packages included in disc1 provides what most
        people will want, and is small enough, e.g. sudo, c[vs]up, portaudit,
        freebsd-update, better development environment or scripting languages,
        e.g. python, etc. These ports are considered special or security
        critical, maybe maintained under the src/ tree (or sort of), causing
        every "make buildworld" with some symbol defined to cover upgrades
        of them, but also permitting portaudit to check vulnerabilities on
        these packages.

    Of course this scheme would be complex to implement, so just my 0.02 RMB :-)

    Cheers,
    --
    Xin LI <delphij frontfree net> http://www.delphij.net/
    See complete headers for GPG key and other information.

    * Unknown Key
    * 0x1159888A


