root vs user. installing firefox

Bruce Dubbs bruce.dubbs at gmail.com
Sun Dec 21 00:05:57 PST 2008


Agathoklis D. Hatzimanikas wrote:

> Using sudo without a password should be discouraged at any chance and
> should be avoided.

That depends on the system.  Who has access to it is an important factor.
Convenience and security are always trade-offs.  On a system where we are 
building lfs/blfs, it really shouldn't matter until and unless it is put into 
"production" and contains something you want to keep private.

For instance, my systems sit behind a firewall that is set up so that nothing 
can initiate a tcp or udp communication from the outside.  On the inside, I'm 
the only user.  I choose to have sudo available to me without a password.  Is 
this a vulnerability?  Sure.  But one I know about and am willing to accept. 
Could it be compromised?  Highly unlikely but I suppose it's possible through a 
browser hack.  Running Windows would be a much greater risk.

> Unfortunately there is a relative line in the shipped sudoers and I am 
> thinking that maybe it will be wise to eliminate it with a sed (anyone
> cares to open a ticket?, 

Which line is that?

> I have a bad reputation in blfs dev team,
> regarding this issue, thus I can't do it myself), so it won't be exposed
> anymore.

What are you talking about?

   -- Bruce


