this post was submitted on 30 Apr 2024
79 points (92.5% liked)
Linux
5314 readers
452 users here now
A community for everything relating to the linux operating system
Also check out [email protected]
Original icon base courtesy of [email protected] and The GIMP
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This sounds like a great improvement. I have read the sudo source code and anyone that seriously thinks there's no problem with it being SUID is crazy.
That said the whole security model of sudo makes no sense. As soon as you can access a sudoers' account you can trivially steal their password by MitMing sudo and waiting.
I think that is a bit strong. Sure, you aren't gaining much protection if you just allow
sudo -su root
but there are a lot of valid use cases.