On 15/01/2021 18:19, Gary E. Miller
wrote:
Yo Bernd!
On Fri, 15 Jan 2021 16:03:17 +0100
Bernd Zeimetz <bernd@bzed.de> wrote:
On 1/15/21 3:15 AM, Gary E. Miller wrote:
"Sudo? Sudon't!"
https://gpsd.io/ubxtool-examples.html#_sudo_sudont
lines like
sudo is "Security Theater". Having sudo enabled on a computer makes it
demonstrably less secure.
If you must be root, then become, and stay root. Just sudon’t.
Not opinion. Fact.
are your personal opinion and have nothing to do with gpsd. Nothing
that should be in a documentation about gpsd. I'm sure there is some
linux best practices book where they belong into.
I guess you have ot been following along. The top 3 problems gpsd
users have are:
1. systemd
2. apparmor
3. sudo
sudo has been especially problematic when used with ubxtool.
That makes it a gpsd problem.
Instead I'd suggest that you check the uid in ubxtool and fail if
somebody tires to run it as root, maybe add a --yes-i-know-what-i-do
flag to force running it as root.
I hate it when programs do that. No reason at all that ubxtool should
not be run as root. Should I make that more clear in the text?
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
--
Michael J Tubby B.Sc. (Hons) MIET / Technical Director
Email: mike.tubby@thorcom.co.uk
Direct: +44 (0)1905 752892
Mobile: +44 (0)7973 225144
Thorcom Systems Limited
Office: +44 (0)1905 756 700
Unit 4, 96B Blackpole Trading Estate West,
Worcester, WR3 8TJ, England, UK
Registered in England & Wales 02704696 /
VAT Number GB487925681
This email and any attachments to it may be
confidential or legally privileged and are intended solely the
individual to whom it is addressed.
If you are not the intended recipient of this email, you must
not take any action based upon its contents or disclose its
contents to any third-party.
This email footer is intended to identify the sender and does
not constitute a signature or agreement to enter into any form
of legally binding contract.
While the author has taken reasonable care in the preparation of
this email Errors and Omissions Excepted (E&OE).
Any views or opinions expressed are those of the author and do
not necessarily represent those of Thorcom Systems Limited.
Please contact the sender if you believe you have received this
email in error.