Aaron Griffin wrote:
I agree. The question is not about makepkg security, but about sudo
security. And frankly, sudo is a security disaster in its default
configuration.

Any suggestions for changing / shipping a better default config file?
I know little about the security implications of this, but I think we
should ship a decent default if possible.

Our policy is usually to ship whatever upstream ships. IMO, a good default would be to set sudo to require the root password (not the user password) and not cache any passwords at all.

Also, I think instead of using sudo in makepkg, we should use su by default (with an option to enable sudo). su always has a good default configuration requiring the root password (it's also possible to set it to allow password-less su in the pam configuration, but everyone who does that is crazy anyway).

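As an added example (not part of the original message and not code from the Arch Linux or sudo projects), the check below audits sudoers text for the two settings proposed above, mapped here to the sudoers options `rootpw` (ask for the root password) and `timestamp_timeout=0` (never cache it). The sample text and the `builder` account are constructed, and the parser is simplified: it does not follow include files.

```python
import re

# "Defaults" with an optional scope (":user", "@host", ">runas", "!cmnd").
DEFAULTS_RE = re.compile(r"^Defaults(?:([:@>!])\s*(\S+))?\s+(.*)$")

# Constructed sample sudoers text; "builder" is a hypothetical account name.
SAMPLE_WEAK = "Defaults env_reset\n%wheel ALL=(ALL) ALL\n"
SAMPLE_HARDENED = """\
Defaults env_reset, rootpw, \\
         timestamp_timeout=0
Defaults:builder !rootpw
%wheel ALL=(ALL) ALL
"""

def parse_defaults(text):
    """Return (global settings, scoped entries). Simplified: include files
    are not followed and commas inside quoted values are not handled."""
    glob, scoped = {}, []
    for raw in re.sub(r"\\\n", " ", text).splitlines():  # join continuations
        m = DEFAULTS_RE.match(raw.split("#", 1)[0].strip())  # drop comments
        if not m:
            continue
        kind, scope, body = m.groups()
        for item in filter(None, (s.strip() for s in body.split(","))):
            if item.startswith("!"):
                name, value = item[1:].strip(), False      # negated flag
            elif "=" in item:
                name, value = (p.strip() for p in item.split("=", 1))
            else:
                name, value = item, True                   # plain flag
            if kind:
                scoped.append((kind + scope, name, value))
            else:
                glob[name] = value
    return glob, scoped

def audit(text):
    """List deviations from the policy proposed in the message: ask for the
    root password (rootpw) and never cache it (timestamp_timeout=0)."""
    glob, scoped = parse_defaults(text)
    findings = []
    if glob.get("rootpw") is not True:
        findings.append("rootpw is off: sudo asks for the invoking user's password")
    t = glob.get("timestamp_timeout")
    if not isinstance(t, str) or not re.fullmatch(r"0+(\.0+)?", t):
        findings.append(f"timestamp_timeout is {t!r}, not 0: credentials may be cached")
    for scope, name, value in scoped:
        if name in ("rootpw", "timestamp_timeout"):
            findings.append(f"Defaults{scope} overrides {name} -> {value!r}: review")
    return findings
```

`audit(SAMPLE_WEAK)` reports both missing settings, while `audit(SAMPLE_HARDENED)` reports only the per-user override that switches `rootpw` back off for `builder`.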