On Fri, Jul 10, 2009 at 12:00:47PM -0400, Daenyth Blank wrote:
> I don't think that should really be the default, personally. Sudo has
> been fine, I don't know of anyone having an actual issue with misuse.
I agree with the idea that it should be up to the user to secure their
system. I went ahead
Aaron Griffin wrote:
On Fri, Jul 10, 2009 at 3:01 AM, Thomas Bächler wrote:
Aaron Griffin schrieb:
I agree. The question is not about makepkg security, but about sudo
security. And frankly, sudo is a security disaster in its default
configuration.
Any suggestions for changing
On Fri, Jul 10, 2009 at 04:01, Thomas Bächler wrote:
> Our policy is usually to ship whatever upstream ships. IMO, a good default
> would be to set sudo to require the root password (not the user password)
> and not cache any passwords at all.
I strongly disagree with this. That's a disaster on a m
On Fri, Jul 10, 2009 at 3:01 AM, Thomas Bächler wrote:
> Aaron Griffin schrieb:
>>>
>>> I agree. The question is not about makepkg security, but about sudo
>>> security. And frankly, sudo is a security disaster in its default
>>> configuration.
>>
>> Any suggestions for changing / shipping a better
Aaron Griffin schrieb:
I agree. The question is not about makepkg security, but about sudo
security. And frankly, sudo is a security disaster in its default
configuration.
Any suggestions for changing / shipping a better default config file?
I know little about the security implications of this
On Fri, Jul 10, 2009 at 11:39 AM, Alessandro Doro wrote:
> ¹ Really theoretical, assuming that the user:
> · read the PKGBUILD,
> · trust the package source.
Yeah... I think I'd be somewhat suspicious if I saw a PKGBUILD calling sudo.
sudo -k wouldn't be very effective either. What if I run sud
On Thu, Jul 09, 2009 at 08:45:26PM -0400, Daenyth Blank wrote:
> On Thu, Jul 9, 2009 at 20:25, Alessandro Doro wrote:
> > A simple workaround could be a "sudo -k" after each sudo invocation in
> > the makepkg script.
> >
>
> I don't think there should be any such behavior added. All we do is
> fo
On Thu, Jul 9, 2009 at 20:25, Alessandro Doro wrote:
> A simple workaround could be a "sudo -k" after each sudo invocation in
> the makepkg script.
>
I don't think there should be any such behavior added. All we do is
follow the settings the user has established -- no more and no less.
Let's not
On Thu, Jul 09, 2009 at 03:00:49PM -0500, Aaron Griffin wrote:
> On Thu, Jul 9, 2009 at 1:55 PM, Square wrote:
> > I noticed this in my typical routine when installing AUR packages.
> > 'makepkg -sic' is the typical command I use, and most of the time if
> > dependencies are installed before buildi
On Thu, Jul 9, 2009 at 3:37 PM, Thomas Bächler wrote:
> Aaron Griffin schrieb:
>>
>> On Thu, Jul 9, 2009 at 1:55 PM, Square wrote:
>>>
>>> I noticed this in my typical routine when installing AUR packages.
>>> 'makepkg -sic' is the typical command I use, and most of the time if
>>> dependencies are
Aaron Griffin schrieb:
On Thu, Jul 9, 2009 at 1:55 PM, Square wrote:
I noticed this in my typical routine when installing AUR packages. 'makepkg
-sic' is the typical command I use, and most of the time if dependencies are
installed before building sudo doesn't time out before the install - mea
On Thu, Jul 9, 2009 at 1:55 PM, Square wrote:
> I noticed this in my typical routine when installing AUR packages. 'makepkg
> -sic' is the typical command I use, and most of the time if dependencies are
> installed before building sudo doesn't time out before the install - meaning
> I do not hav
I noticed this in my typical routine when installing AUR packages. 'makepkg
-sic' is the typical command I use, and most of the time if dependencies are
installed before building sudo doesn't time out before the install - meaning I
do not have to re-enter a password for installing the package it
13 matches