Oh. And before any of you lay any blame on the maintainers of these open source project.
How many of you have blindly installed stuff by running curl | sudo bash ?
Did you verify the binaries and the code the bash script ran/installed? How did you confirm trust on those binaries?
Xz is the oss supply chain attack we know about. You can guarantee there are many many more. How we manage installation, and dependency's should perhaps have a little more thought...
@quixoticgeekcurl | sudo bash is horrifying on so many levels. Projects that suggest this as an install method are immediately suspect to me.
While I'm on a rant, the Ubuntu style "sudo for everything from the default user account" is disturbing as well. Day-to-day user accounts should NOT have root access, full stop.
@allpoints@quixoticgeek sudo/curl gets a lot of unjustified flak though.
You need root to install a deb or rpm or whatever package just as well. And the pre-/post install scripts in those are less visible if anything.
@felixf@quixoticgeek sorry, it deserves all the flack it gets. I don't have a problem at all with an install script. But the instructions aren't "download this, look it over and run it as root."
And yes, packages require root access and run scripts. However I have some trust/faith/hope the package maintainers have done their job well.
The fact is curl/sudo has a bad smell to it and makes me distrust the projects that suggest it.
@felixf@quixoticgeek to answer your 2nd question 1st, because I have a life and don't have the time/interest to do that.
If it's not apparent why I have more faith in a package from my chosen distro or from a project that understands and has taken the time to build one then I'm not sure we have a common enough framework to have a fruitful discussion
@allpoints@quixoticgeek fair enough, but curl/sudo installers don’t replace distribution packages. They replace upstream apt/yum repos. And I maintain that the surplus trust that people put in the latter is mostly undeserved.
@quixoticgeek@dusnm@allpoints Simon says. Which seems fine as a simple check that you really mean to make a system-level change, rather than a security measure.
Seems better than doing things that don't need to be root (eg. decompressing and compiling things) in a root shell, anyway.
@kim@allpoints@dusnm except you then find people just putting sudo in front of everything... At least the password adds an extra check. Type it on every command and you're not gonna use it when it's not needed
@quixoticgeek@allpoints@dusnm repeatedly typing a password would appear to be equivalent to repeatedly just typing "sudo " for those purposes. Except with more risk that your password ends up in your .bash_history
@dusnm@quixoticgeek The smart approach to security is layers. It's much easier to compromise an everyday account. Giving that account and its password root access is a bad idea.
But it's your machine and you get to choose where the line is between ease of use and security.
IMO a major problem with the Ubuntu approach is they've trained new users to type sudo in front of every command without thinking about it. These are the same folks who don't understand why curl | sudo bash is bad.
@allpoints@dusnm at one job, colleague complained that I didn't include sudo with commands in documentation, instead having a # or $ for the prompt to tell if iy needed sudo/root. That way people didn't just copy paste stuff without knowing what they were doing.
"That way people didn't just copy paste stuff without knowing what they were doing."
Personal systems are one thing but I would be concerned if I had colleagues with root access who cut/paste commands without understanding when/why root level access is required.
@themself@quixoticgeek yes, you absolutely can configure sudo access. But the default Ubuntu install automatically gives full access to the user account it creates on install. It could, e.g. create a separate "admin" acct. It's why you see tutorials that prepend every command with sudo
Re configuring sudo. Heads up systemd breaks the use of 'localhost' in the config file as it no longer maps back to 127.0.0.1
@allpoints@themself the defaults with sudo suck. Even worse are the systems where sudo doesn't even need a password. I don't understand the point of having to put sudo in front of a command, but not ask for a password seems pointless.
@quixoticgeek@allpoints agree on the defaults aren't secure. I also don't get why you wouldn't prompt for a password, that's so crazy that you may as well not bother with sudo!
Add comment