<div dir="ltr"><br><br><div class="gmail_quote">On Mon, Jun 14, 2010 at 6:04 PM, Tzafrir Cohen <span dir="ltr"><<a href="mailto:tzafrir@cohens.org.il">tzafrir@cohens.org.il</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
On Mon, Jun 14, 2010 at 05:47:36PM +0300, Elazar Leibovich wrote:<br>
<br>
> Again, sudo is super.<br>
<br>
Surely it's not. Super is a sudo replacement.<br>
<a href="http://packages.debian.org/super" target="_blank">http://packages.debian.org/super</a></blockquote><div><br></div><div>It is hard to find an adjective which is not a debian package yet ;-)</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<br>
<div class="im"><br>
> I even considered a using it on some windows machine<br>
> which unfortunately lack this feature. It's the Ubuntu GUI for leveraging<br>
> permisions which bothers me.<br>
> I took a quick look of the *Kit stuff. I don't see immediately what<br>
> ConsoleKit is doing, but indeed disabling any possibility to sudo through<br>
> the GUI, and only running a package daemon is a nice step towards a better<br>
> authentication scheme.<br>
> However I don't see how is it a solution for the general problem of<br>
> executing untrusted binaries in Desktop environment.<br>
<br>
</div>It's not. Nither is sudo. It's intended to help you solve the problem of<br>
a giving a semi-trusted user partial sysadmin permissions. Different<br>
problem.<br></blockquote><div><br></div><div>sudo doesn't solve the problem, however it might help with solving it. For instance Ubuntu uses GUI wrapper for sudo in order to try and solve the problem.</div><div>And indeed we're talking about different problems.</div>
<div>Usually for the personal computer the user is totally trusted, but the software he's installing is not always trusted. We wish to make sure that administrative actions are initiated by the user, and not by a software he's running. I've yet to hear a different solution than the Vista one.</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<font color="#888888"><br>
--<br>
</font><div><div></div><div class="h5">Tzafrir Cohen | <a href="mailto:tzafrir@jabber.org">tzafrir@jabber.org</a> | VIM is<br>
<a href="http://tzafrir.org.il" target="_blank">http://tzafrir.org.il</a> | | a Mutt's<br>
<a href="mailto:tzafrir@cohens.org.il">tzafrir@cohens.org.il</a> | | best<br>
<a href="mailto:tzafrir@debian.org">tzafrir@debian.org</a> | | friend<br>
<br>
_______________________________________________<br>
Linux-il mailing list<br>
<a href="mailto:Linux-il@cs.huji.ac.il">Linux-il@cs.huji.ac.il</a><br>
<a href="http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il" target="_blank">http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il</a><br>
</div></div></blockquote></div><br></div>