sudo is evil

sudo, the *nix tool with which you can easily execute commands as a super user is harmful.

The idea behind sudo is good. You are able to execute super user commands — offcourse when the super user has allowed you — without having to log into the super user.

The problem though is that the default configuration of sudo only asks for the password of the current user, when he first uses it. That means that if the security is breached of the user, which could happen, it can simply use sudo to gain access to root, for it is very likely that users who have enabled sudo, use it a lot.

My recommendation: don’t use sudo, if you haven’t explicitly configured it to require your password every single time you use it — use su instead.

update: If you want to force sudo to ask your password every time you use it, add this in your /etc/sudoers:

Defaults timestamp_timeout=0

They could’ve used a more sensible name for that in my opinion. I had to read the manual carefully before I found out it was this entry.

Tags: ,

3 Responses to “sudo is evil”

  1. Jeffrey says:

    But it “times out” after a few minutes. So when you wait long enough you have to enter the password again.

  2. Indeed, 5 minutes to be exact. But that is still 5 minutes too much in my opinion. Oh, I’ve found a way to disable it totally, see the update on the psot ^^.

Leave a Reply