[OpenIndiana-discuss] bug reports

Reginald Beardsley pulaskite at yahoo.com
Sun Mar 20 14:13:52 UTC 2011

My comment had nothing to do w/ firefox.  I moved to using a separate machine for internet access because of firefox, but the privilege escalation issue applies generally.  This is the reason for typing "/bin/su" rather than "su". 

sudo was designed to address the lack of RBAC authority in Unix.   I don't think unlimited authority sudo contributes anything to the security of a predominately single user system running windowing.  A separate root window solves the authority problem much better in my view.  If I need to do admin work, I don't see any benefit to prefacing every action w/ "sudo".

An elaborate lock doesn't improve security if the spare key is under the doormat.

I agree it's not a major issue given the massive problem posed by the browsers & plugins.  I was trying to point out that you really can't protect the user from their own ignorance.  If someone lacks the wits to log out after executing "/bin/su", they won't be any safer running "sudo".

Have Fun!


More information about the OpenIndiana-discuss mailing list