Re: sudo (was: gpsd killing device adapter)

[Adam Nielsen]

> > None of the results Google gives me mention that.  The wonders of
> > providing everyone with their own personalised list of search results
> > I suppose.  
> 
> I actually stopped using Google a long time ago as they don't give
> two people the same resuts for the same search.  Targeting.

Yep I don't use it myself but didn't find any relevant results through
my usual one either so thought maybe you specifically meant Google.

> Try this one:
> 
> https://gpsd.io/ubxtool-examples.html#_sudo_sudont
> 
> Or just read the man page.

That one doesn't really explain what the problem is.  Not sure whether
you meant the man page of ubxtool or sudo but neither of them really
give me any hints why sudo is different.

I'm not being pedantic, I genuinely want to learn what the difference
is as I have never noticed one before, and this is the first I've heard
of a situation where sudo doesn't work (when it has been configured
properly).

> > It's a fair point that the environment is different, but really root
> > is UID 0,  
> 
> Not according to POSIX.

Any pointers where this is explained too?  I tried to find out on my
own but apparently the POSIX standard is restricted and you have to
register to get a copy of it, which is just plain annoying.

> And to focus on the environment is to get lost in one of many details.
> sudo is insecure, its man page says so, even Leonard Pottering has gone
> off against it.  And sudo does things that violate POSIX, so programs
> that expect POSIX, like gpsd, fail in "interesting" ways.

I couldn't find anything about Lennart Poettering making any comments
about sudo.  I ran "man sudo" and searched for "insecure" but didn't
find any hits.  I searched around a bit and found only references saying
sudo is very secure, as long as you have configured it properly.
Obviously if you give sudo access to a command that allows users to run
arbitrary commands then you have created your own security hole, but
from the perspective of myself, where I can run "sudo" or "su" and have
to put in a password either way, I can't see why sudo would be any less
secure than using "su" or an SSH login as root.

Do you have any specific examples you can point me to that explain the
scenarios where sudo cannot be configured to work in a situation where
a root login does work?  I'm not having any luck finding anything via
web searches.

> > But I take your point, sudo may give a different result to a root
> > login.  
> 
> Not may, WILL.  RTFM.

The only thing I can see about this in the manpage is that some user
environment variables are sanitised, but if you log in as root then you
won't have those user environment variables set in the first place so
that doesn't seem to be any different.  There's also mention of the
difference between an interactive/login shell and running a command
directly, but sudo has the -i option if you need to run a command as if
it was in an interactive shell so that doesn't seem to be the issue.

Certainly in my own experience I have never noticed any difference
between using sudo, su or any other root login which is why I'm
interested to learn what the issues are.

Cheers,
Adam.