Mailing Lists: Apple Mailing Lists


Re: Problems 'su'ing into the root user



On 2006-08-22 JC Derr wrote:
> On Aug 22, 2006, at 12:21 AM, Ansgar -59cobalt- Wiechers wrote:
>>> I like sudo since it logs the commands. True that if you switch
>>> the shell with -s you don't get further logging, but at least you
>>> can see who changed to a root shell.
>>
>> True, but the same goes for "sudo su", only that the logged command
>> is "/usr/bin/su" instead of "/bin/bash".
> 
> Logging aside, it's an escalation of privileges that defeats the entire
> purpose of 'sudo'.
> 
> su asks for the root password and executes any command as root.

*sigh*

Not when executed via sudo.

> sudo asks for your password, does some common sense checking on the  
> tool you're invoking, on any dynamically linked libraries it uses,  
> and then invokes it with a stripped down environment to further lower  
> the risk that any surviving malicious code might present.

A "stripped down environment to lower the risk ..." when talking about
running a root shell? You're kidding me, right?

Regards
Ansgar Wiechers
-- 
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
 _______________________________________________
Macos-x-server mailing list
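Added example, not part of the original thread: the posters agree that sudo logs only the command it launched, so `sudo su` is recorded as `/usr/bin/su` and `sudo -s` as `/bin/bash`, with nothing logged afterwards. The Python sketch below picks those entries out of sudo's syslog output; the log lines, host and user names are constructed, and the function name `root_shell_events` is hypothetical.

```python
import re

# Constructed sample lines in sudo's syslog format; host and user names are made up.
SAMPLE_LOG = """\
Aug 22 00:21:01 xserve sudo:    alice : TTY=ttyp1 ; PWD=/Users/alice ; USER=root ; COMMAND=/usr/bin/su
Aug 22 00:25:40 xserve sudo:      bob : TTY=ttyp2 ; PWD=/Users/bob ; USER=root ; COMMAND=/bin/bash
Aug 22 00:31:12 xserve sudo:    carol : TTY=ttyp3 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/tail /var/log/system.log
Aug 22 00:40:03 xserve sudo:     dave : TTY=ttyp4 ; PWD=/Users/dave ; USER=root ; COMMAND=/bin/sh -c /usr/sbin/periodic daily
Aug 22 00:41:00 xserve sudo:      eve : 3 incorrect password attempts ; TTY=ttyp5 ; PWD=/Users/eve ; USER=root ; COMMAND=/bin/sh
"""

LINE_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<rest>.*)")
SHELLS = {"sh", "bash", "zsh", "csh", "tcsh", "ksh"}


def root_shell_events(log_text):
    """Return (user, kind) for each sudo entry after which command logging stops."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        head, sep, command = m.group("rest").partition("COMMAND=")
        fields = [f.strip() for f in head.split(";") if f.strip()]
        # A failure reason ("3 incorrect password attempts", ...) comes before TTY=,
        # so an entry whose first field is not TTY= never ran the command.
        if not sep or not fields or not fields[0].startswith("TTY="):
            continue
        kv = dict(f.split("=", 1) for f in fields if "=" in f)
        argv = command.split()
        if kv.get("USER") != "root" or not argv:
            continue
        prog = argv[0].rsplit("/", 1)[-1]
        if prog == "su":
            events.append((m.group("user"), "su"))
        elif prog in SHELLS and "-c" not in argv[1:]:
            # With -c the command string is part of the logged COMMAND= value.
            events.append((m.group("user"), "shell"))
    return events


if __name__ == "__main__":
    for user, kind in root_shell_events(SAMPLE_LOG):
        print(f"{user}: root {kind} opened via sudo; later commands are not in the sudo log")
```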
