Problems of a desktop Linux distribution GUI sudo

Problems of a desktop Linux distribution GUI sudo

Elazar Leibovich elazarl at gmail.com
Mon Jun 14 18:16:11 IDT 2010 

On Mon, Jun 14, 2010 at 6:04 PM, Tzafrir Cohen <tzafrir at cohens.org.il>wrote:

> On Mon, Jun 14, 2010 at 05:47:36PM +0300, Elazar Leibovich wrote:
>
> > Again, sudo is super.
>
> Surely it's not. Super is a sudo replacement.
> http://packages.debian.org/super


It is hard to find an adjective which is not a debian package yet ;-)


>
>
> > I even considered a using it on some windows machine
> > which unfortunately lack this feature. It's the Ubuntu GUI for leveraging
> > permisions which bothers me.
> > I took a quick look of the *Kit stuff. I don't see immediately what
> > ConsoleKit is doing, but indeed disabling any possibility to sudo through
> > the GUI, and only running a package daemon is a nice step towards a
> better
> > authentication scheme.
> > However I don't see how is it a solution for the general problem of
> > executing untrusted binaries in Desktop environment.
>
> It's not. Nither is sudo. It's intended to help you solve the problem of
> a giving a semi-trusted user partial sysadmin permissions. Different
> problem.
>

sudo doesn't solve the problem, however it might help with solving it. For
instance Ubuntu uses GUI wrapper for sudo in order to try and solve the
problem.
And indeed we're talking about different problems.
Usually for the personal computer the user is totally trusted, but the
software he's installing is not always trusted. We wish to make sure that
administrative actions are initiated by the user, and not by a software he's
running. I've yet to hear a different solution than the Vista one.



>
> --
> Tzafrir Cohen         | tzafrir at jabber.org | VIM is
> http://tzafrir.org.il |                    | a Mutt's
> tzafrir at cohens.org.il |                    |  best
> tzafrir at debian.org    |                    | friend
>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20100614/3ca7cad9/attachment-0001.html>

More information about the Linux-il mailing list