Re: ✘"Sudo? Sudon't!" and "Saving U-blox Configuration"

[Joshua Judson Rosen]

On 1/15/21 1:45 PM, Gary E. Miller wrote:
> Yo Joshua!
>
> On Fri, 15 Jan 2021 10:47:47 -0500
> Joshua Judson Rosen <rozzin@hackerposse.com> wrote:
>
> > > are your personal opinion and have nothing to do with gpsd. Nothing
> > > that should be in a documentation about gpsd. I'm sure there is
> > > some linux best practices book where they belong into.
> >
> > And to readers who don't already agree with it, I think this
> > particular claim just makes the author look silly.... If you _really_
> > want it to be in there, you should probably substantiate so that
> > readers actually take it seriously instead of just dismissing it as
> > the ramblings of a crank.
>
> Are you referring to Bernie or myself as silly?  Or both of us?

I'm not actually calling _you_ or _Bernd_ silly per se; I'm saying that
the _claim_:

        
        sudo is "Security Theater".
        Having sudo enabled on a computer makes it demonstrably less secure.

... _presented unsubstantiated_ as it is, _looks_ silly if read by someone who 
probably _likes sudo_
because they're not already familiar with whatever rationale is behind that 
statement.
(maybe it actually is, maybe it actually isn't--I'm aware of some arguments in 
both directions
 about some specific sudo deployment strategies and rationales..., but I'm not 
sure
 what _your_ rationale is, so I've withheld judgement in this specific case ;))

> If you are referring to my comments, I'd be perfectlyl happy to
> substantiate them here.  The ubxtool examples is not the correct
> place for such an in depth discussion.

Discussion buried in the gpsd-dev list archives is not going to change how
someone reading that doc receives it; unless you're planning to link to it
from the doc?

I agree that `in the middle of a ubxtool example' is not really the correct 
place
to be inserting an essay about sudo..., just putting a hyperlink on your remark
would be an improvement with minimal negative impact on the general flow of the 
document.

In general, I find "if a piece of text can be expected to make the readers go 
`WTF?',
add a hyperlink that can cure them of the WTF" is a useful guideline.


> > > Instead I'd suggest that you check the uid in ubxtool and fail if
> > > somebody tires to run it as root, maybe add a --yes-i-know-what-i-do
> > > flag to force running it as root.
> >
> > Or even specifically check for one of the environment variables that
> > sudo sets to indicate that a process is running under sudo (e.g.
> > SUDO_USER, SUDO_UID, SUDO_GID...) if you really just want people to
> > stop people from using _sudo_ specifically....
>
> Hmm.  Interesting suggestion.  Let me rephrase this:
>
>      ubstool should check it is running under sudo and fail.
>
> Do I have that correct?  So instead of maybe failing under sudo it
> always fails?

Yeah, basically--but more specifically: fail early, fail loudly,
and fail benignly, i.e. fail out _before_ / _instead of_ doing whatever
damage you're concerned might result from `running normally but with sudo'.

--
Connect with me on the GNU social network! 
<https://status.hackerposse.com/rozzin>
Not on the network? Ask me for more info!