[Ffmpeg-devel] PATCH: Build Suffix
Rich Felker
dalias
Fri Jul 29 14:03:07 CEST 2005
On Fri, Jul 29, 2005 at 12:45:41AM +0200, Charles Yates wrote:
> On Thu, 2005-07-28 at 19:37 +0200, matthieu castet wrote:
> > sudo avoid to give root user password and as you use your password, you
> > know it and don't write root password somewhere...
>
> Personally, this is why I like sudo - it's clean and controllable should
> you need it to be controlled.
>
> su means giving the root password (and thus access to *everything*),
> sudo means giving the user their own password and then controlling what
> they can do (and in the case of a self administered box, that means the
> grand total of 0 effort).
My point was exactly that you do not, and CANNOT, control what they do
with sudo. If a program can safely be run by ordinary users with
elevated permissions, it will use the suid bit and have its own strong
internal permissions handling. Virtually anything run through sudo is
full of holes that yield full root access, like the "make install"
example.
Rich
More information about the ffmpeg-devel
mailing list