gpsd-dev

Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"


From: Gary E. Miller
Subject: Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"
Date: Fri, 15 Jan 2021 11:42:54 -0800

Yo Joshua!

On Fri, 15 Jan 2021 14:37:25 -0500
Joshua Judson Rosen <rozzin@hackerposse.com> wrote:

> >> And to readers who don't already agree with it, I think this
> >> particular claim just makes the author look silly.... If you
> >> _really_ want it to be in there, you should probably substantiate
> >> so that readers actually take it seriously instead of just
> >> dismissing it as the ramblings of a crank.  
> > 
> > Are you referring to Bernie or myself as silly?  Or both of us?  
> 
> I'm not actually calling _you_ or _Bernd_ silly per se; I'm saying
> that the _claim_:
> 
>       sudo is "Security Theater".
>       Having sudo enabled on a computer makes it demonstrably less
>       secure.

If you dispute that you dispute me.  I have suffered with sudo for
decades.

> ... _presented unsubstantiated_ as it is,

Google is your friend.  Pay particular attention to UNIX rootkits.

> _looks_ silly if read by
> someone who probably _likes sudo_ because they're not already
> familiar with whatever rationale is behind that statement. (maybe it
> actually is, maybe it actually isn't--I'm aware of some arguments in
> both directions about some specific sudo deployment strategies and
> rationales..., but I'm not sure what _your_ rationale is, so I've
> withheld judgement in this specific case ;))

I'll not be pulled off topic of ubxtool and its examples.

> > If you are referring to my comments, I'd be perfectly happy to
> > substantiate them here.  The ubxtool examples is not the correct
> > place for such an in depth discussion.  
> 
> Discussion buried in the gpsd-dev list archives is not going to
> change how someone reading that doc receives it; unless you're
> planning to link to it from the doc?

Funny you should mention that.  The reason for that addition is for exactly
the reasons you just stated!  Great minds think alike!

> I agree that `in the middle of a ubxtool example' is not really the
> correct place to be inserting an essay about sudo...,

I do not agree.  sudo is the #1 problem people have had with the
previous versions of the ubxtool examples doc.  The doc is to help
people use ubxtool, and understanding how sudo breaks ubxtool is
important to the success of that doc.

> In general, I find "if a piece of text can be expected to make the
> readers go `WTF?', add a hyperlink that can cure them of the WTF" is
> a useful guideline.

A good teacher should give his students a WTF moment as often as possible.
Otherwise they learn little.

> >      ubxtool should check it is running under sudo and fail.
> > 
> > Do I have that correct?  So instead of maybe failing under sudo it
> > always fails?  
> 
> Yeah, basically--but more specifically: fail early, fail loudly,
> and fail benignly, i.e. fail out _before_ / _instead of_ doing
> whatever damage you're concerned might result from `running normally
> but with sudo'.

Get Bernie to agree and I'll do it.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        gem@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin
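
The check discussed in the quoted exchange above (fail early, fail loudly, fail benignly when started under sudo), written in Python as an added example; it is not part of the original message and is not ubxtool's code. The function names and the exit status 2 are assumptions; the `SUDO_*` variables are the ones sudo sets in the environment of the command it runs.

```python
import os
import sys

# Variables sudo places in the environment of the command it runs.
SUDO_MARKERS = ("SUDO_UID", "SUDO_GID", "SUDO_USER", "SUDO_COMMAND")


def sudo_markers(environ):
    """Return the sudo-set variables present in environ, in a fixed order."""
    return [name for name in SUDO_MARKERS if environ.get(name)]


def privilege_problem(environ, euid):
    """Return a message if the process looks sudo-launched, else None.

    Heuristic only: the markers can be scrubbed or set by hand, so this
    is a usability guard, not a security boundary.
    """
    found = sudo_markers(environ)
    if not found:
        return None  # includes a plain root login, which is not sudo
    invoker = environ.get("SUDO_USER", "unknown")
    return ("refusing to run under sudo (invoked by %s, euid %d, saw %s)"
            % (invoker, euid, ", ".join(found)))


def guard(environ=None, euid=None, stream=sys.stderr):
    """Call first in main(): fail before any device or socket is opened."""
    environ = os.environ if environ is None else environ
    euid = os.geteuid() if euid is None else euid
    problem = privilege_problem(environ, euid)
    if problem:
        stream.write("error: " + problem + "\n")  # fail loudly
        raise SystemExit(2)                       # fail early, no side effects
    return True
```

Because `guard()` only reads the environment and the effective UID, it can run before any argument parsing or I/O, which is what keeps the failure benign.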
