* Paul W. Abrahams (abrahams@acm.org) [040301 13:41]:
On Monday 01 March 2004 3:42 pm, Patrick Shanahan wrote:
sudo _should_not_ allow you to operate root priv w/o password unless you have specifically altered /etc/sudoers. And if you did, you apparently do not care about security.
It's not that one doesn't care about security. I for one don't like logging in as root and what if a cracker got in a replaced su or sux with something they wrote? How would you know? You wouldn't unless you had tripwire or something else. I have NO ONE in my /etc/sudoers file except myself and the entry is as follows.... ben ALL=(ALL) NOPASSWD:ALL This lets me do things like " sudo yast2 " and run it in X so that I can do what I need to do and as soon as the program exits ..poof.. everything is back to normal user. So if your trying to display programs and such remotely why not to it through an ssh tunnel?
Things like email viruses are another matter, but so far the virus writers don't seem to consider Linux mailers a worthwhile target.
This is true...because Mutt had a security issue not so long ago that would have been a nice target for script kiddies. But then again people who use mutt aren't easy to social engineer to just fire off anything at will. :) -- Linux User #147972 ---===--- mailto:ben@whack.org -- "There is no need to teach that stars can fall out of the sky and land on a flat Earth in order to defend religious faith."