Bug#293830: sudo is undesirable

Joshua Rodman jrodman@ducker.org (Joshua Rodman), 293830@bugs.debian.org
Sat, 26 Feb 2005 08:03:38 -0800


sudo allows user-passwords to work for root-priveledge actions.

This is a similar problem to suid root binaries, and must be only
applied in very sparing cases where the code is very carefully analyzed,
or else you have local root equivalence for all users.

Unfortunately, /etc/sudoers is a very poorly designed file with a
confusing and difficult syntax.  Additionally, in order to provide users
with reasonable flexibility with specific tools you wish to allow them
to use, you often open the door to complete root access via clever
character susbstitutions.

In short, sudo has a config which is hard to vet for correctness, is
hard to provide useful functionality, and often allows user passwords to
be root-password equivalent.  

It is a poor tool.

Do not cause gksu to require sudo, since requiring the root password has
none of these problems.