Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"

[Joshua Judson Rosen]

On 1/15/21 10:03 AM, Bernd Zeimetz wrote:
> On 1/15/21 3:15 AM, Gary E. Miller wrote:
> >      "Sudo? Sudon't!"
> >
> >          https://gpsd.io/ubxtool-examples.html#_sudo_sudont
>
> lines like
>
> sudo is "Security Theater". Having sudo enabled on a computer makes it
> demonstrably less secure.
> If you must be root, then become, and stay root. Just sudon’t.
>
>
> are your personal opinion and have nothing to do with gpsd. Nothing that
> should be in a documentation about gpsd. I'm sure there is some linux
> best practices book where they belong into.

And to readers who don't already agree with it, I think this particular claim
just makes the author look silly.... If you _really_ want it to be in there,
you should probably substantiate so that readers actually take it seriously
instead of just dismissing it as the ramblings of a crank.

> Instead I'd suggest that you check the uid in ubxtool and fail if
> somebody tires to run it as root, maybe add a --yes-i-know-what-i-do
> flag to force running it as root.

Or even specifically check for one of the environment variables that sudo sets
to indicate that a process is running under sudo (e.g. SUDO_USER, SUDO_UID, 
SUDO_GID...)
if you really just want people to stop people from using _sudo_ specifically....

--
Connect with me on the GNU social network! 
<https://status.hackerposse.com/rozzin>
Not on the network? Ask me for more info!