[OpenIndiana-discuss] bug reports
pulaskite at yahoo.com
Sun Mar 20 14:13:52 UTC 2011
My comment had nothing to do w/ firefox. I moved to using a separate machine for internet access because of firefox, but the privilege escalation issue applies generally. This is the reason for typing "/bin/su" rather than "su".
sudo was designed to address the lack of RBAC authority in Unix. I don't think unlimited authority sudo contributes anything to the security of a predominately single user system running windowing. A separate root window solves the authority problem much better in my view. If I need to do admin work, I don't see any benefit to prefacing every action w/ "sudo".
An elaborate lock doesn't improve security if the spare key is under the doormat.
I agree it's not a major issue given the massive problem posed by the browsers & plugins. I was trying to point out that you really can't protect the user from their own ignorance. If someone lacks the wits to log out after executing "/bin/su", they won't be any safer running "sudo".
More information about the OpenIndiana-discuss