[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SAGE] Security tokens

To: Dave Close <dave@compata.com>
Subject: Re: [SAGE] Security tokens
From: Jim Hickstein <jxh@jxh.com>
Date: Tue, 21 Jan 2003 09:27:33 -0800
cc: sage-members@usenix.org
In-Reply-To: <200301210117.RAA10206@biz.compata.com>
References: <200301210117.RAA10206@biz.compata.com>
Sender: owner-sage-members@usenix.org

>> And yes, certain things (like "sudo /bin/sh") are considered <i>prima
>> facie</i> acts of wrongdoing, meaning that I can convince HR to take
>> steps.
>
> Why? If that function works, it must be because you allowed it.

Because it defeats sudo's auditing.  This is for sysadmins generally, where 
sudo ALL=ALL is considered slightly better than handing out the (reusable) 
root password to a bunch of people.

And one doesn't go to HR first, of course.  One asks for an explanation, 
and then reminds them of the policy.

References:
- Re: [SAGE] Security tokens
  - From: Dave Close <dave@compata.com>

Prev by Date: [SAGE] PPTP client for Solaris
Next by Date: Re: [SAGE] Security tokens
Prev by thread: Re: [SAGE] Security tokens
Next by thread: Re: [SAGE] Security tokens
Index(es):
- Date
- Thread