> hoping to gaslight users into thinking their current system is insecure.
I mean, https://nvd.nist.gov/vuln/detail/CVE-2022-43995 is less than a week old, so probably yes. (That is, a lot of systems haven't been updated and have a nice open CVE that wouldn't be there if they weren't using sudo.)
If you compare the risk of having sudo vs the risk of granting users less constrained access to root or similar, you’ll have fewer CVEs, but be more likely to be breached due to weakened RBAC.
Furthermore, there would be no vulnerabilities if you just unplug your computer and walk away; at some point you need to make usability and risk compromises.
I can think of very few instances where you should be giving people shell access, let alone need to worry about RBAC.
Furthermore, the UNIX user model and file system hierarchy already provide you with RBAC. Combine that with ACLs and SetUID (et al) bits and you’ve already got sudo baked into the core system.
Your point about it being a convenience tool is bang on: it makes it easier to administer all of the above but that convenience, like nearly all convenience tools in computing, comes with a slight security trade off.
To be clear, I don’t agree with the author’s recommendation to ditch sudo. But they are absolutely correct in the technical sense. Just as you are. In fact you are both basically arguing the same point but from different perspectives: “sudo adds a vector of attack”. It’s then up to your threat modelling to decide if that is appropriate or not.
But to come back to my original point: just don’t give people shell access. There’s no need in 99% of cases of servers these days and if we are talking about local user machines, then RBAC is less of an issue since it would be a machine per user.
Even (or perhaps especially) with a machine per user, it's critical to keep that user from accidentally shooting themselves in the foot. Typing sudo does help remind a user they're doing something different. I don't want to always have the right to force delete root!
Your comment seems to suggest the alternative of not installing `sudo` is to run your desktop as root. Which clearly isn't the case at all. There are plenty of "sudo" alternatives: `su -c`, `doas`, `login`, etc.
Also since we're talking about running as root: ironically I've found a lot of people seem to put the following line in their sudoers file:
`ALL=(ALL) NOPASSWD:ALL`
which is definitely better than logging in as root... but not by a lot.
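Added example, not part of the thread or any commenter's code: a small Python check that flags sudoers rules of the kind quoted above, where `NOPASSWD` applies to the command `ALL`, including the case where the tag is inherited from an earlier command in the list. The sample sudoers text and the function names are constructed for illustration, and the parser is a simplification (it ignores aliases, `#include` directives and multiple host specs on one line).

```python
import re

# Constructed sample sudoers content (not from any real system).
SAMPLE = """\
# constructed sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) NOPASSWD:ALL
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart app, \\
        PASSWD: ALL
backup  ALL=(ALL) NOPASSWD: /usr/bin/rsync, ALL
"""

SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
TAG = re.compile(r"([A-Z_]+):\s*")

def logical_lines(text):
    """Join backslash-continued lines; drop comments and blank lines."""
    for raw in re.sub(r"\\\n", " ", text).splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: '#' starts a comment
        if line:
            yield line

def blanket_nopasswd(text):
    """Return the user/group of each rule granting ALL commands without a password."""
    findings = []
    for line in logical_lines(text):
        if line.startswith(SKIP) or "=" not in line:
            continue
        who_host, spec = line.split("=", 1)
        spec = re.sub(r"\([^)]*\)", "", spec)  # drop (runas) specs
        nopasswd = False  # tags carry over to later commands in the list
        for cmd in (c.strip() for c in spec.split(",")):
            while (m := TAG.match(cmd)):
                if m.group(1) == "NOPASSWD":
                    nopasswd = True
                elif m.group(1) == "PASSWD":
                    nopasswd = False
                cmd = cmd[m.end():]
            if cmd == "ALL" and nopasswd:
                findings.append(who_host.split()[0])
                break
    return findings

if __name__ == "__main__":
    for who in blanket_nopasswd(SAMPLE):
        print(f"blanket NOPASSWD rule for: {who}")
```

To audit a real host, feed it the contents of `/etc/sudoers` and each file under `/etc/sudoers.d/` instead of `SAMPLE`.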
You misunderstand it: if you don't need sudo, you'd probably better uninstall it. What's your "real-world" problem with that? If you work with images you might want to "deinstall" root as well...