[NTLUG:Discuss] Re: SuSE 9 or 9.1 PATH environment changes after su -- some sudo defaults != security?
Bryan J. Smith
b.j.smith at ieee.org
Mon Sep 13 14:32:37 CDT 2004
On Mon, 2004-09-13 at 14:49, Chris Cox wrote:
> Oh yes... certainly sudo can be the biggest security hole
> in the world! Definitely!
> Yep... probably should have more commentary on the primary 'example'.
I don't like to cut down distributions. Unfortunately, one distribution
has repeatedly given various "new technologies" a bad name because it
implements them rather incompletely and hastily.
I assume we're thinking of the same one.
[ SIDE NOTE: There is a difference between testing an individual Linux
"software" package, and integration testing an entire "distribution" of
Linux. The latter actually takes a concerted, coordinated effort.
Microsoft, SCO and other commercial OS vendors like to harp on the
latter, while Open Source advocates often only think of the former. ]
> For the ignorant... no. Just trying to find a non-su soln
> to your problem. I don't like what sudo is doing here... just noting
> that it skirts the issue.
Well, considering the en masse deployment of people that don't even use
man pages, let alone the history, it is elitist for me to think they are
just "ignorant." So I dropped that adjective in my prior post. I will
leave it to "new."
This whole thread started because someone said Red Hat was "broken"
off-list, and then posted a portion of the discussion on-list. Red Hat
isn't "broken" any more than most UNIX flavors, and adopts LSB
compliance in newer versions.
The problem is that LSB does not dictate how "su" v. "su -" should
operate by default. So even Red Hat and SuSE, both implementing the
latest "secure" PATH, seem to have 180 degree approaches from each
other.
--
Bryan J. Smith b.j.smith at ieee.org
------------------------------------------------------------------
"Communities don't have rights. Only individuals in the community
have rights. ... That idea of community rights is firmly rooted
in the 'Communist Manifesto.'" -- Michael Badnarik