freebsd security - Jul 2005 - Adding OpenBSD sudo to the FreeBSD base system?

Aloha!

(I've Googled around a bit, but failed to find much previous posts about 
this though I'm sure it has been discussed...)

Have anybody (in core etc) considered adding a sudo implementation to 
thr FreeBSD base system. At least for me, sudo is an important part of 
implementing good security policy in FreeBSD.

Yes, it is available as a port, but in a similar fashion of for example, 
isn't sudo important enough to be included as an imported tool in the 
base system?

My thought was to sync/import the sudo implementation from OpenBSD. Bad 
idea?

-- 
Med v?nlig h?lsning, Cheers!

Joachim Str?mbergson
===========================================================================Joachim
Str?mbergson - ASIC designer, nice to *cute* animals.
     snail:                  phone:                     mail & web:
?stra Eriksbergsgatan 74  +46 31 - 12 14 01         watchman@ludd.ltu.se
417 63 G?teborg           +46 733 75 97 02       www.ludd.luth.se/~watchman
============================================================================

On 2005-07-19 11:16, Joachim Str?mbergson <watchman@ludd.ltu.se>
wrote:
> Aloha!
>
> (I've Googled around a bit, but failed to find much previous posts
about
> this though I'm sure it has been discussed...)
>
> Have anybody (in core etc) considered adding a sudo implementation to
> thr FreeBSD base system. At least for me, sudo is an important part of
> implementing good security policy in FreeBSD.
>
> Yes, it is available as a port, but in a similar fashion of for example,
> isn't sudo important enough to be included as an imported tool in the
> base system?
>
> My thought was to sync/import the sudo implementation from OpenBSD. Bad
> idea?
Maybe not so bad if the OpenBSD version of sudo has useful enhancements
of any sort (i.e. has gone through a thorough security audit, or it
includes features that are not available through the Ports version,
or if the OpenBSD sudo uses a BSD and not an ISC-style license).

- Giorgos

<<On Thu, 21 Jul 2005 12:36:16 -0400, asym <bsdlists@rfnj.org> said:
> Personally, I would like to see sudo not only in the base system, but in 
> the base system with a default configuration that mimics su(1) and thus 
> replaces it entirely.  The only difference is which password you need to 
> provide.  After a period for migration (or perhaps just in 6.x and noted in
> the release notes), su could become just a symlink to sudo.
su(8) already has the behavior you want.  (Now implemented in a PAM
module, and I forget the precise details.)

-GAWollman