gpsd-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"


From: Gary E. Miller
Subject: Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"
Date: Fri, 15 Jan 2021 10:19:26 -0800

Yo Bernd!

On Fri, 15 Jan 2021 16:03:17 +0100
Bernd Zeimetz <bernd@bzed.de> wrote:

> On 1/15/21 3:15 AM, Gary E. Miller wrote:
> >     "Sudo? Sudon't!"
> > 
> >         https://gpsd.io/ubxtool-examples.html#_sudo_sudont  
> 
> lines like
> 
> sudo is "Security Theater". Having sudo enabled on a computer makes it
> demonstrably less secure.
> If you must be root, then become, and stay root. Just sudon’t.

Not opinion.  Fact.

> are your personal opinion and have nothing to do with gpsd. Nothing
> that should be in a documentation about gpsd. I'm sure there is some
> linux best practices book where they belong into.

I guess you have ot been following along.  The top 3 problems gpsd
users have are:

1. systemd
2. apparmor
3. sudo

sudo has been especially problematic when used with ubxtool.

That makes it a gpsd problem.

> Instead I'd suggest that you check the uid in ubxtool and fail if
> somebody tires to run it as root, maybe add a --yes-i-know-what-i-do
> flag to force running it as root.

I hate it when programs do that.  No reason at all that ubxtool should
not be run as root.  Should I make that more clear in the text?

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        gem@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin

Attachment: pgpGLJ5s0s3tp.pgp
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]