# Sudo bug



## Minbari (Oct 15, 2019)

Potential bypass of Runas user restrictions


----------



## k.jacker (Oct 15, 2019)

Fix already landed in ports yesterday.
Anyway, security/sudo is a bug in itself, so not much of a change IMO.


----------



## Minbari (Oct 16, 2019)

k.jacker said:


> Fix already landed in ports yesterday.
> Anyway, security/sudo is a bug in itself, so not much of a change IMO.


security/doas is an alternative.


----------



## k.jacker (Oct 17, 2019)

Minbari said:


> security/doas is an alternative.


Yes, I know, thank you.
It's a very good alternative, I used it for some time.
Anyway, I have always been happy with `su` and don't need anything else.


----------



## Crivens (Oct 17, 2019)

BTW: obligatory xkcd for this: https://xkcd.com/838/


----------



## Deleted member 30996 (Oct 17, 2019)

k.jacker said:


> Anyway, I have always been happy with `su` and don't need anything else.



That's always been the way I do things and have never installed security/sudo or security/doas. If I have something that needs to be done as root I do it as root and feel comfortable and competent in doing so. I'm the only usr on my machina anyway.

I did have the "opportunity" to use sudo on TrueOS once. The whole concept seemed foreign and didn't make sense to me.


----------



## Maxnix (Oct 17, 2019)

Crivens said:


> BTW: obligatory xkcd for this: https://xkcd.com/838/


Speaking about sudo and Christmas, this, even if legit, I think would put you under "naughty" anyway: https://xkcd.com/149/


----------



## k.jacker (Oct 18, 2019)

Trihexagonal said:


> That's always been the way I do things and have never installed security/sudo or security/doas. If I have something that needs to be done as root I do it as root and feel comfortable and competent in doing so. I'm the only usr on my machina anyway.


security/doas would be a very nice tool, if it would support the kernel module that it is backed by in OpenBSD. As far as I understand, that should give it the ability to "remember" for a while that you raised your privileges, like security/sudo does. I actually never used doas in its full functionality on OpenBSD, I just read about it. Its kernel module is missing in the FreeBSD port, or at least was missing when I used it 1,5 years ago.

For convenience, I made a little wrapper for su, to save me some typing, when I dropped doas. It makes it easier to execute single commands as root, without actually su-ing to root. So instead of `su -m root -c 'some command'` a simple `su -c some command` is enough. Yeah, I have a light case of `' '` laziness.

```
#!/bin/sh

# This su wrapper simplifies my 2 most common use cases.
# case 1) with -c and at least one more argument executes su -m root -c 'argument(s)'
# case 2) without arguments executes su -m
# case 3) any other combination of arguments is passed to su unchanged

if [ "$1" = "-c" ] && [ $# -ge 2 ]
    then
        # case 1: join the remaining words into one command string for su -c
        shift
        /usr/bin/su -m root -c "$*"
elif [ $# -eq 0 ]
    then
        # case 2
        /usr/bin/su -m
    else
        # case 3: pass every argument through exactly as given
        /usr/bin/su "$@"
fi
```
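
How the words after `-c` reach `su` depends on the quoting a wrapper uses when it forwards them. The sketch below is an added example, not k.jacker's script: `fake_su` is a stand-in for `/usr/bin/su` (an assumption, so it runs without root) that reports its argument count and last argument, and the sample command lines are constructed.

```shell
#!/bin/sh
# Stand-in for /usr/bin/su (assumption for this example): prints
# "<number of arguments>:<last argument>" instead of switching user.
fake_su() {
    n=$#
    while [ "$#" -gt 1 ]; do shift; done
    printf '%s:%s\n' "$n" "$1"
}

# Style 1: join the remaining words and hand them over as ONE argument.
forward_joined() {
    shift                          # drop the leading -c
    fake_su -m root -c "$*"
}

# Style 2: unquoted $@ is split again by the shell, so only the first
# word ends up as the -c command string; the rest become extra arguments.
forward_unquoted() {
    shift
    fake_su -m root -c $@
}

# Style 3: build the command line as text and eval it. The text is parsed
# a second time, so a quote character inside an argument changes the parse.
# The subshell keeps a parse error from terminating the calling script.
forward_eval() {
    shift
    line="fake_su -m root -c '$*'"
    ( eval "$line" ) 2>/dev/null
}

# Constructed sample input: a command with an apostrophe in one argument.
forward_joined   -c echo "it's here"
forward_unquoted -c echo "it's here"
forward_eval     -c echo "it's here" || echo "eval form: rejected by the parser"
```

Only the joined form delivers the command to `su -c` as a single, unmodified string for every input.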


----------



## Deleted member 30996 (Oct 19, 2019)

I become root to mount a USB drive then invoke x11-fm/xfe from the same terminal to work with files. Editing files or running commands as needed and compiling ports are all done as root. I know both passwords anyway, am the only usr and Admin of my machines so `su` is all I've ever used. When I'm done I log out and run browsers and such from my usr account.

I had my root password entered twice in DandyOS before I noticed it wanted the usr password. I didn't know it installed sudo by default, once more and I'd have been locked out. What sense does that make if I already know the root password? Yet the user can gain root privileges with the user password.

I know it's not considered good practice to do things as root. Good practice was something I learned on my own mostly from making mistakes and carry over a lot of things I do differently from back then. I never edit /etc/fstab to mount my USB drives and that seems to be standard practice from a recent thread.


----------



## funkygoby (Oct 20, 2019)

I agree. For me sudo never made sense as a more-secure-than-su.

I understand that you can use sudo to delegate specific admin tasks to simple users. What I do not get is why some people give all privileges without password to their user and then claim that it is safer.

The explanation I see is by using su, you might forget that you are logged in as root after a while. Whereas with sudo, you will have to re-enter your password at some point.
Why not just color the prompt (red for root)?


----------



## Deleted member 30996 (Oct 20, 2019)

If it was me there would be a different password for the `sudo` group than the root or user password.



funkygoby said:


> What I do not get is why some people give all privileges without password to their user and then claim that it is safer.



It's not.

That's how I learned to use the first computer I touched. I had unlimited access to the company computer, printer, all their floppy disks and the weekend alone to learn to use it. The next logical step seemed to be accessing the data on their floppy disks. That's what you did in Shadowrun and all I knew about computers before then.

The worst thing I did is print off a love poem some girl wrote the guy who took my Weekend Houseparent job when I got promoted to Unit Manager and embarrass him with it. When they upgraded to a new one I set it up and had to show them how to boot it up.


----------

