Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] "uVirtus Linux, encrypted OS for Syria": a security review

Maxim Kammerer mk at dee.su
Fri Feb 7 01:25:31 PST 2014


On Fri, Feb 7, 2014 at 2:37 AM, Sahar Massachi <Sahar at brandeis.edu> wrote:
> The fact that there's a "naked sudo" hole is brutal.
>
> Forgive me if I misunderstand the problem, but how could *anyone* ship a
> distribution with a passwordless sudo? That seems like it requires
> deliberate malice to even set up.

Careful here: Tails had passwordless sudo prior to v0.11, less than 2
years ago. So either unlimited local root access is not such a big
deal, or recommendation to use Tails is short-sighted — in either case
the report has a problem. I suggest that the report author sweeps both
issues under the carpet simultaneously using a politically correct
language referencing problems that were taken care of a long time ago,
and are not that critical to begin with.

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte



More information about the liberationtech mailing list