[liberationtech] "uVirtus Linux, encrypted OS for Syria": a security review

[Maxim Kammerer]

On Fri, Feb 7, 2014 at 2:37 AM, Sahar Massachi <Sahar at brandeis.edu> wrote:
> The fact that there's a "naked sudo" hole is brutal.
>
> Forgive me if I misunderstand the problem, but how could *anyone* ship a
> distribution with a passwordless sudo? That seems like it requires
> deliberate malice to even set up.

Careful here: Tails had passwordless sudo prior to v0.11, less than 2
years ago. So either unlimited local root access is not such a big
deal, or recommendation to use Tails is short-sighted — in either case
the report has a problem. I suggest that the report author sweeps both
issues under the carpet simultaneously using a politically correct
language referencing problems that were taken care of a long time ago,
and are not that critical to begin with.

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte