when did sudo get to be so rude?
>>54071766
rekt.
Daily reminder that sudo is a unsecure.
>>54071766
Sure you're using BSD
>>54072797
how?
>>54073303
When you use sudo your terminal become a gate to root power. Any of the application you run can use that terminal and gain root power. So if you have an infected application (like your browser) that infected application can become root. You must never let a user gain root power if you can't be sure that the user session is not corrupted.
>>54073376
You forgot:
A) sudo requires password.
B) su exists, they could just use that if sudo isn't there (which also requires password).
You're fucking retarded, kill yourself.
>>54073409
>A) sudo requires password.
Not after first use.Except if you change configuration.
>su exists
As soon as you become root in your terminal an infected application can hack into root account. And an application can be very fast for you.
>>54073409
Still me, I must add. An infected session can have a "man in the middle terminal".
>>54073303
most people don't configure it right, that's a fact
it's why doas is better
>>54073425
So basically, you're saying that you should never run any sort of command as root?
Your arguing an entirely different point here, when you DO need to run a command as root, it's more secure to use sudo rather than su.
In fact su is now obsolete now that sudo -s and sudo -i exists.
Whether you trust the application or not is a different issue.
>>54073468
>So basically, you're saying that you should never run any sort of command as root?
Yes. You must log as root with a fresh new secure session (use the kill sys-rq to be sure).
Su or sudo are the same thing. They both are insecure.
>>54073522
Full blown autism.
>>54073522
dont have that problem with plan9
>>54073541
I'm sorry for you if I'm concerned by security.
>>54073376
Nigger that's not how it works.
>>54073522
>>54073562
not sure if trolling or retarded.
You enabled insults in your sudoers file or at build time.
This ain't new sister
Get raped and kill yourself, you retarded fucking faggot sack of shit with down syndrome.
>>54073562
sysrq-i won't give you security you stupid fucking retard.
If the application your running is malicious it will infect your system regardless if you killed everything or not.
>>54073425
You know that you can configure sudo to require password entry every time right? Just because you used debian with sudo doesn't mean it works exactly the same on every distribution.
>>54073593
You're funny. You know nothing about what terms are and how they can be hijacked.
>>54073609
Stupid. It's just to be sure that you're really facing a login screen and not a fake one.
>>54073626
It would be the same problem as su. An infected application could wait until you open the gate to root. Or it can be a fake term.
>>54073633
Then how about you enlighten me with your autistic shit and I'll see whether or not you're a credible source of information.
>>54073609
Malicious software running with user permissions cannot evade sysrq i.
>>54073687
You can't be sure that the rem you're running is the term of the OS and not an infected one.
>>54073656
Well, you're going to have to gain root to do anything meaningful eventually, there's nothing that can be done short of containerization
>>54073689
I said "application you're running" meaning the progam that you run with sudo AFTER you kill everything.
external programs can't hijack the terminal session without root privileges.
>>54073696
In that case, it doesn't fucking matter if you killed everything, you'll still be running the fake term again when you login.
>>54073749
No, if you log directly as root. The root session isn't infected. Only the regular user session.
Do you get it?
>>54073709
Yes by logging directly as root. Not using su or sudo.
/g/ really suck at basic security.
>>54073725
Yes, me confirmed for can't read
>>54071766
>>54072814
This always makes me chuckle when I'm on my OBSD machine.
USE=offensive emerge sudo
>>54073920
wouldn't it rebuild without the use flag when you update it?
>>54073936
Yes, normally one would
echo "app-admin/sudo offensive" > /etc/portage/package.use/sudo
or add it to USE flags in make.conf (it's globally applied then).
euse -E offensive
>>54073376
>>54073425
>>54073522
>You must log as root
>mfw
>>54073562
>run sudo maliciousshitI'msodumb.sh
>fucks up system
>OMFG SUDO SO INSECUR LULZ
Fuck off to your shit subreddit and stay there. You're like that fucking retard that fucked his UEFI partition and then blamed systemd for it because he has no fucking idea what rm -rf / actually does.
>>54073835
How is logging in as root safe? You're basically giving everything currently running full system permissions to everything without question.
>>54074019
I only use what I have to use. Exactly the same tool as you with su or sudo. But I'm sure that the session isn't infected. I don't run firefox and go to "hackme.com" with my root account.
>>54074053
guys this is bait
>>54073425
You ever heard of a hack that occurred like that? It seems like paranoy.
>>54074099
Stay ignorant anon.
>>54074102
Good security is about paranoia.
>>54073376
The only time this is really a problem are retarded vimfags using sudo vim (sudoedit bitches, or TRAMP in emacs). Nothing else you run with sudo should be able to spawn a system shell.
>>54074162
You don't really know what happen when you type sudo. You can't be sure of the used binary.
>>54074162
I've been using Linux for four years and never heard of sudoedit. Wow.
>>54073835
>says we suck at security
>logs in as root for everything
gr8 b8
>>54073303
Click here to find out!
>>54074385
I do exactly the same thing as you do when you use sudo or su. But it's secure because my session isn't compromis.
>>54074053
Kangaroo guy here.
I know this is bait but seriously.
You advice the one fucking thing that is known to be a severe security risk, and you seem to have lost your marbles regarding terminal sessions. Root login is normally only done in a safe-boot scenario where nothing but the base system is started, which is mostly for unfucking your system in the unfortunate case you managed to make it an unbootable mess.
Your advice might in fact be exactly what that piece of malware wanted. For some sucker to login as root so a maliciously installed startup script would run with automatically elevated permissions and no sudo shit to keep it from completely taking over the system.
And to think, your entire rambling is based on the fact that the terminal session remembers the root password, because your entire scenario is completely impossible on any system that doesn't do this.
>>54074459
Nobody say seriously to not log as root. What is asked is to not use a root session as a regular user session. Doing root maintenance is not dangerous for security. I do the same thing as everybody with su or sudo, but I'm sure that there is no "man in the middle" application.
>>54074485
>muh man in the middle
You already needed to fuck up somewhere else for that to be possible in the first place, so it would ultimately be a case of user-error. What I find fascinating is how you're absolutely obsessed with this, like it's that fucking easy. Yet if it were, wouldn't this issue be exploited to hell and back? It would, and yet it is not. Because your scenario is but a fantasy byproduct of your inane obsession over security in areas you have no knowledge about.
You are not a credible source.
You have no other credible sources to fall back on.
Ultimately, you have no argument.
I know you just want to sound like some smartass autist on a memeboard of faggots, but for fucks sake don't ever recommend root login like that again. "Regular maintenance" isn't a fucking excuse to login as root, that's what sudo is for in the first place. If you're worried about keyloggers and terminal hijackers, maybe you shouldn't install shady software from unknown sources to begin with. Sudo doesn't change its function for jack shit after all.
>>54074673
>case of user-error
Like browsing the web.
I have literally never used sudo
>>54074187
>he doesn't check the source code and compile his software
>he installs untrustworthy software on his machine
>>54074695
Yes you running firefox with elevated privileges and going to isuckdicks.com is indeed user error. Deal with it.
>>54074786
I never say my system was perfect. But I see that now you agree, and try to use the it's not perfect so it's equivalent to a shitty configuration. You're pathetic.
>>54074815
If you use firefox with your regular user you can't be sure that you're user session isn't infected. And so as soon as you use su or sudo with that user you can't be sure that your system isn't infected.
ALL OF YOU will understand what I explain here now and you'll all understand that you're ignorant. Today you're just too stupid to understand basic security. That will be my last post to enlighten you. Stay in the darkness anons.
>>54074695
Yes, browsing the web as root is user-error.
No one else to blame but yourself.
>>54074854
>If you use firefox with your regular user you can't be sure that you're user session isn't infected.
Except you can, dingus.
>ALL OF YOU will understand what I explain here now and you'll all understand that you're ignorant. Today you're just too stupid to understand basic security. That will be my last post to enlighten you. Stay in the darkness anons.
ye mang suc ma diek fuken fagtniggerniggerchickendinner go bek to reddt
>>54074854
Install QubeOS
>freetards cannot even quote Repo Man correctly
>>54074187
You're fucking retarded if you run everything as root, and you don't even need sudo to be that retarded.
>>54073595
Retarded.
>ITT
