[conspire] (forw) Re: [sf-lug] sudo problem for users

Rick Moen rick at linuxmafia.com
Mon Feb 1 12:56:28 PST 2021


----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Mon, 1 Feb 2021 12:54:22 -0800
From: Rick Moen <rick at linuxmafia.com>
To: sf-lug at linuxmafia.com
Subject: Re: [sf-lug] sudo problem for users
Organization: If you lived here, you'd be $HOME already.

Quoting Bobbie Sellers (bliss-sf4ever at dslextreme.com):

>     I checked and no one has noted anything about this problem.
> 
> 10-year-old Sudo bug lets Linux users gain root-level access
> The vulnerability, named "Baron Samedit," impacts most Linux
> distributions today.
> 
> By Catalin Cimpanu for Zero Day on January 27, 2021  Topic: Security
> Well there is supposed to be a fix for the afflicted out there already
> but if you want to read the full article the story is at the URL below
> <https://www.zdnet.com/article/10-years-old-sudo-bug-lets-linux-users-gain-root-level-access/>
> 
>     We have a very long file on PCLinux Forums relating why the way
> Ubuntu et al uses "sudo" is dead wrong, dangerous and backward.

I concur.

As to the bugginess of sudo itself, that's a headache for multi-sysadmin
sites where there's little practical alternative to sudo.  For simple
use cases, though, like single-admin systems, IMO it's a situation like
with my standard joke about Facebook.  The easiest way to fix Facebook
problems is to eschew Facebook.  No Facebook, no Facebook problems.

There's something to be said for occasionally avoiding X problems by
avoiding X.  Recently, my friend Steve Litt in Orlando wanted me to give
his GoLUG a talk about the mutt MUA, which he's always found intriguing
but claimed he had performance issues getting access to mail over IMAP.
He asked me how I solve those.  I said "Gee, Steve, I'd love to be able
to help you, but when we all decided that POP3 was too insecure back
in the 1990s, I decided to go with None of the Above.  I read my mail by
ssh'ing into my Linux server where my mail lands in /var/mail/rick and 
just fire up mutt there.  I don't need to bring the mail to me using
IMAP.  I just go to the mail."

No IMAP, no IMAP problems.

(Not that there's anything wrong with IMAP -- but I simplify my life by
avoiding needing it.)

----- End forwarded message -----


