~/.macports

Chris Jones jonesc at hep.phy.cam.ac.uk
Thu Feb 12 05:43:36 PST 2015


On 12/02/15 12:13, René J.V. Bertin wrote:
> On Thursday February 12 2015 12:33:53 Clemens Lang wrote:
>
>> You should be aware of the security implications of this change. For example,
>> sudo port edit vim gets you arbitrary code execution and arbitrary file access as
>> root.
>
> Exactly one of the reasons I don't like rendering sudo implicit, and even less strip it of its pw protection.
> I really prefer to take my chances making select parts of the FS writable to the admin group, and allow non-privileged port to write to my home directory. There's nothing in there that I cannot restore from backup. The same applies for the rest of the system, but recuperating from a borked OS or from a borked $HOME are not exactly comparable in terms of effort.

I would actually argue allowing port to run via sudo without requiring a 
password could be viewed as improving security. By allowing 'sudo port' 
to run without a password, you never have to authenticate, which means 
sudo never enters into its state where it can run *any* command without 
a password. This means running

 > sudo port XYZ
 > sudo <something bad>

will prompt you for a password on that second command, because the first 
does not require one. If you had to enter a password for the first 
command, then the second would just run...

Of course, if port itself is viewed as a security risk that is a 
different issue. However I would argue that given that for most users 
running 'sudo port XYZ' is a very common activity, they are quite likely 
to just enter their password without thinking much, so whether or not it 
is required is really a moot point...

So yeah, personally I consider allowing port to run through sudo without 
a password improves my security against me doing something bad with sudo 
later on, not degrades it.

Chris

>
> R.
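As an added example (not code from this thread or from MacPorts), the following POSIX shell script audits sudoers-style rules for the pattern Chris describes: a NOPASSWD grant limited to one command, as opposed to 'NOPASSWD: ALL', and a check of whether sudo already holds a cached ticket. The port path /opt/local/bin/port and the 'admin' group are assumptions.

```shell
# Added example, not from the thread. Classifies sudoers rules so that a
# password-less grant scoped to a single command can be told apart from
# 'NOPASSWD: ALL', and checks whether a sudo ticket is currently cached.
# Assumed (illustrative) rule, e.g. in /etc/sudoers.d/port via visudo -f:
#   %admin ALL=(root) NOPASSWD: /opt/local/bin/port

# classify_rule LINE -> comment | defaults | password | scoped-nopasswd | broad-nopasswd
classify_rule() {
    line=$1
    case "$line" in
        ''|'#'*)     echo comment;  return 0 ;;
        Defaults*)   echo defaults; return 0 ;;
        *NOPASSWD:*) ;;
        *)           echo password; return 0 ;;  # authenticates, so refreshes the ticket
    esac
    cmds=${line##*NOPASSWD:}                     # command list after the tag
    for c in $(printf '%s' "$cmds" | tr ',' ' '); do
        [ "$c" = ALL ] && { echo broad-nopasswd; return 0; }
    done
    echo scoped-nopasswd
}

# audit_rules < sudoers-text -> prints "<class><TAB><line>" per line;
# returns 1 if any 'NOPASSWD: ALL' grant is present, 0 otherwise.
audit_rules() {
    broad=0
    while IFS= read -r line; do
        class=$(classify_rule "$line")
        printf '%s\t%s\n' "$class" "$line"
        [ "$class" = broad-nopasswd ] && broad=1
    done
    return $broad
}

# ticket_cached -> 0 if 'sudo <anything>' would run right now without a
# prompt (a ticket from an earlier authenticated sudo is still valid), else 1.
# NOPASSWD commands create no such ticket; 'sudo -k' drops one, and
# 'Defaults timestamp_timeout=0' turns caching off entirely.
ticket_cached() {
    sudo -n -v 2>/dev/null
}

# Constructed sample sudoers text for a stand-alone run.
SAMPLE='Defaults timestamp_timeout=0
%admin ALL=(root) NOPASSWD: /opt/local/bin/port
%admin ALL=(ALL) ALL
%staff ALL=(ALL) NOPASSWD: ALL'

if [ "${1:-}" = --demo ]; then
    printf '%s\n' "$SAMPLE" | audit_rules || echo "WARNING: unrestricted NOPASSWD grant found"
fi
```

Run with --demo to print the classification of the sample; the warning line shows the %staff rule being flagged while the scoped port rule passes.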