-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I really do not agree with adding it to the base system. Just because you guys use sudo does not mean other people do. In fact many people do not have a use for sudo at all. Not every one gives out root accounts. You are only adding another utility In that can possibly be used to escalate privileges. Every time I secure a system I spend some time removing files that are never Needed and would not want people to access. So you are saying I would have to add another one to the list? Su works just fine for 60% of the people out there! Leave sudo in the ports. You do not see a bunch of people asking to make apache part of the base system. Really there is no difference in what you are asking. Just another program that is not going to get used by everyone. - -----Original Message----- From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Xin LI Sent: Thursday, July 21, 2005 8:53 AM To: piechota@argolis.org Cc: freebsd-security@freebsd.org; Dima Dorfman Subject: Re: Adding OpenBSD sudo to the FreeBSD base system? * PGP Signed by an unknown key: 07/21/05 at 08:52:41 On Thu, Jul 21, 2005 at 10:23:33AM -0500, piechota@argolis.org wrote:> > FWIW, I don't see any reason to include sudo in the base system. It's > > something that I install on every computer, but I don't mind building > > the port or installing it from a package. Unlike some of the other > > things I usually want on every system (e.g., emacs), it's small and > > doesn't have any dependencies, so it's not a problem to install it as > > soon as the system is online. That said, I wouldn't object to having > > it in the base, either. > > I see two reasons for a "nay" vote: If we put everything a group of people > find useful in the base system, we're going to end up with soemthing like > Redhat, where there's tons of software the rarely gets used. Secondly, > some 'customers' have a very dim view of sudo (mostly for bad reasons, but > they ban it anyways).My reasons for why not to have sudo(1) in our base is that: - It is actively maintained and generally speaking it won't be hard to build/install from ports collection. - It provides another way of utilizing privileges, and needs careful configuration. - We do not have a killer application to ease maintaince of the configuration (yet). The reasons why it can be in our base is that: + It is cool because fine grained access to the privilege is possible, and it is the tool that I will want to install on every boxes. + It's BSD licensed So my position would be neutral. Personally I would prefer the following scheme: o FreeBSD Base System is what we "must have" in a basic Unix system, including ls, cat, libc, your kernel, etc. o A set of pre-built packages included in disc1 provides what most people will want, and is small enough, e.g. sudo, c[vs]up, portaudit, freebsd-update, better development environment or scripting languages, e.g. python, etc. These ports are considered special or security critical, maybe maintained under the src/ tree (or sort of), causing every "make buildworld" with some symbol defined to cover upgrades of them, but also permitting portaudit to check vulnerabilities on these packages. Of course this scheme would be complex to implement, so just my 0.02 RMB :-) Cheers, - -- Xin LI <delphij frontfree net> http://www.delphij.net/ See complete headers for GPG key and other information. * Unknown Key * 0x1159888A -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQEVAwUBQt/Xx6KXvLS903/FAQrQ0Qf/UP7nPTtgba6bgHn1VJPDjCkMRet0VgL8 CQV+W7JyXrI2Zz5VB7zL0SqJDMGJ+ipTyPkAKTzQk+/0a1zHvZBq5Wa6f9nQ+XWp DLwfzUa1vzMsMCWFybfRSht+h+tN88wlJdkQX4X2N/kEQ6ldj0XYfJoPA7P9j5sS toVWgKDop72uur+3S9FxyeM2Tug0qoMCjypmpIlZkkaub5iWlZaspl8FJIwaozGV sBT3Z/HfKSsH5lQz1NJB5uqeNi23t4XXqzIpxEndHnXFvBguAHqTej04qcl6KBus oXFQ4B4EiClULQjverLf2WTePiXB42rnpyuwganE2KQUFO0fncqDGQ==rBcb -----END PGP SIGNATURE-----
At 13:13 7/21/2005, Stephen Major wrote:>You do not see a bunch of people asking to make apache part of the base >system. Really there is no difference in what you are asking. Just another >program that is not going to get used by everyone.I'd take exception to this part. sudo does everything su does, and more, the question seems to be why NOT replace it? The (*)"60%" of people that su works fine for, could live with sudo with no real overhead and no dependencies. The other (*)"40%" of people that do replace su with sudo would have a small annoying bit of work negated. (*)I find your numbers highly suspect. Probably more like 85-90% of people don't care / don't know about sudo etc. ;) Making it part of the base system also negates part of the security issue associated with having it as a port -- we don't need to track every new whiz-bang version in the base like we do in ports, we just keep what works, apply security and bug fixes, and that's it.
Poul-Henning Kamp
2005-Jul-21 19:06 UTC
FW: Adding OpenBSD sudo to the FreeBSD base system?
In message <42dfd7c8.619f0abe.46ed.ffffca84@mx.gmail.com>, Stephen Major writes:>I really do not agree with adding it to the base system.If sudo imported into the system doesn't do any more damage than the filesystem space consumed, then I really cannot see any harm being done. If it were configured to DTRT (probably check membership the wheel group ?) I still can't see the problem. If sudo forces everybody to edit a config file, then there is a problem, but I seriously doubt that is the case. There are a lot of wise people who say that UNIX has stagnated for 20 of the thirty years it has existed, and sometimes I'm starting to see things from that side. One things that increasingly irritates me is that in UNIX it takes 60 lines to open a TCP connection because nobody could agree to adding a "nopen()" function to libc which would encapsulate those 60 lines of code. I see the same "spirit" at work here: "Dennis and Ken didn't approve of sudo, it is not documented in any POSIX_MISTAKE, and I never got around to get used to use it, so of course we cannot let it into FreeBSD!" Minimalism is good, but taken it to far is suicidal. Commit it! -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Uhh you people realize sudo is COMPLEMENTARY to su? All my Linux and OpenBSD systems (wait for it.....) have _both_ installed by default. Crazy huh? Some example commands: sudo ifconfig blah [enters own password] sudo su - [enters own password] sudo sendmail -q [enters own password] su - [enters root password] Whoa! what's #2? And what's #4? Holy cow! Folks, this is by far the stupidest argument/discussion I have ever seen on a security related mailing list (and I've been on BugTraq and Full-Disclosure for a long time so that's saying something). sudo is complementary to su, you can have both, and sudo has 0, repeat 0 (just to make sure) I repeat _0_ impact on su. It does not replace su. It does not change su's behavior. It does not break su. You can still use su as before, your script will work as expected (I promise). -Kurt Seifried
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 You are correct; I made a mistake on that one. Sudo should not be forced upon anyone. I do not care if sudo is part of the base system I just 100% disagree with you wanting to replace su with sudo Look the other post that came from the dude before is 100% correct this is a dumb argument. - -----Original Message----- From: asym [mailto:bsdlists@rfnj.org] Sent: Thursday, July 21, 2005 1:12 PM To: Stephen Major; freebsd-security@freebsd.org Subject: Re: Adding OpenBSD sudo to the FreeBSD base system? At 15:56 7/21/2005, Stephen Major wrote:>-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA512 > >"All you need to do is uncomment that and viola, you have default su >behavior -- anyone in the wheel group allowed to sudo as any other user." > >Exactly! Every other user can sudo.How EXACTLY do you come to that conclusion? I imagine it has something to do with why you also decided to quote as you did, instead of letting the mailreader do it for you. Uncomment the line I indicated and every user IN THE WHEEL GROUP can sudo. EXACTLY how su works. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQEVAwUBQuAESqKXvLS903/FAQqMlAf/Rxji6EXKtCWpajvvdyKSy4ov4EeR8fr4 /Cw15RopA1vH8tJaGxM/f7R0pxGVOUAgfB7QAGU/1YEW50IW9pVct218PmwDRvq0 DeTf08RW/AV5CgXbHpN3gsxflKsdkq1suUSTzWVDvVrzi8+DMvJaa/w0TTlP97kk +BhsS3LpxY0ga58aBLxAHgEZoBuJPc6BRGZfnbPbISNTpv9rWsE5fj6brlZxLzOM SlUFhcyUzPARu2ZLdDbGRI6HSWPvr8zl/lLFhRdJ2kfOOkMYW/AB36mMIwF7slDR N7WvOppCxIP1AYNVH9ofc27U6qwL1U1tous4i6N1wL4NuXGeL3f4RQ==5Ruf -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Thank you!!! He is saying he wants it to replace su I do not care what they do with sudo as long as su does not get touched. And if it is a default in the base system a must would be to leave the ALL line commented out in the sudoers file. So people who do not want their users to have access to sudo are not stuck with it being a default. - -----Original Message----- From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Kurt Seifried Sent: Thursday, July 21, 2005 1:09 PM To: freebsd-security@freebsd.org Subject: Re: Adding OpenBSD sudo to the FreeBSD base system? Uhh you people realize sudo is COMPLEMENTARY to su? All my Linux and OpenBSD systems (wait for it.....) have _both_ installed by default. Crazy huh? Some example commands: sudo ifconfig blah [enters own password] sudo su - [enters own password] sudo sendmail -q [enters own password] su - [enters root password] Whoa! what's #2? And what's #4? Holy cow! Folks, this is by far the stupidest argument/discussion I have ever seen on a security related mailing list (and I've been on BugTraq and Full-Disclosure for a long time so that's saying something). sudo is complementary to su, you can have both, and sudo has 0, repeat 0 (just to make sure) I repeat _0_ impact on su. It does not replace su. It does not change su's behavior. It does not break su. You can still use su as before, your script will work as expected (I promise). - -Kurt Seifried _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQEVAwUBQuACHqKXvLS903/FAQrJ6QgAsUTD2kvgFPvjjadyb2btN3xWwtEMhyxV nHd1innapH88wcvolXXaNQEGTy7+ZYdiTuJqhud7Whq5vDA7yBfPnzyY8MrdWHtt w64qQPgpwlPRs9J7TH08R/oWmgJhsC1k/vz3oYu9n4cmz/ElLVKBQMzkYZykOEE5 04qHhfFogTudLDZ0AO3ArD3OWV7trTZjDFvJ5sE9AOHofjx2LY9Rxc41+l0Sb5K/ g68PvFtspkRjLhrv41H0NQFEmr/RNiktCfanhdVfbsHfwCnUzp1zbt8uFxfn80t5 mv2ZDG/DwWx4IY6eP/y3U12Bj6cQJlcRDh2WO9Nu84KNoDEiggUhZw==KXmy -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I apologize to everyone for the argument flood I should have phrased my statement differently, My intentional statement to him was to not replace su and to not have sudo enabled by default whether it is added to the base system or not. Everyone does not use it and should not be required to use it. I apologize again for not stating this correctly in the first message. Respectfully, Stephen -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.1 (Build 2185) iQEVAwUBQuAHvaKXvLS903/FAQpw0Af+Py4k2H6bALRiLKWGp2DTY5frHmudtZJZ /BWye4WYc5/u5ihvTFGNdb+SAFsazwGKwgV2d3/eolW2LDQkKW3+tMiiu0U/pJm5 3fJz/jrsnnVKf2Kxy6fHInL69EZiXlUDxUEjC1UsUCfzgFD8VssWvjqUdi8XZ6/d qvy3EPxNGN4vjNx3R1rtWhcmfKauHCWWTDH0v+UGtqty2HXabHQp1cqfyR4zfTVN kNgCbeLMK0UTkGP92UIzwg6Mv0XFxP2VzZM5LzkiyOO5NBL81dwrRT1e3yyZffRq G5I1325yqA/5htIQIBxc/PVy9fXrlnvl9fL3VUTNCPqFXGDdfGjecQ==nqEx -----END PGP SIGNATURE-----
Stephen Major wrote:>-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA512 > >You are correct; I made a mistake on that one. > >Sudo should not be forced upon anyone. >I do not care if sudo is part of the base system >I just 100% disagree with you wanting to replace su with sudo > >Look the other post that came from the dude before is 100% correct this is a >dumb argument. > > > >If sudo offered the opportunity for more features, but by default behaved exactly the same way as su, I would see no disadvantages to replacing su with sudo. Am i missing something?