Obviously I had to assume a username and password of five characters.

Go ahead and guess the username I'm using on this linux box. It's not what you might think

And I never said anything about remote access... so careful about what you've assumed...

Why should I have to guess your password? A hacker would be using a dictionary attack.

But since you don't want me to make assumptions, please eliminate the need for them. Explain EXACTLY what circumstances for a hacking attempt you're talking about, where Ubuntu's sudo is supposedly more secure.

Oh--I didn't bother noting it before, but a 5 letter password is simply not sufficiently secure for anything where a brute force attack is possible (regardless of whether it would be guessable via dictionary attack).

In any case, a normal root account with a 10 letter password is more secure than a user account with a 5 letter userid and 5 letter password.

Oh--but there are those ASSUMPTIONS again...so please. Explain precisely what sort of situation you're imagining where Ubuntu's sudo default is more secure than a root account.

At any rate, as far as I'm concerned the proof is in the pudding. The majority of servers on the 'net have normal root accounts, proving every day by example that they can be sufficiently secured.

No, it's just word wrap.

I have logged into a XUBUNTU box (which is the same thing as Ubuntu except the windows manager is XFCE, not Gnome) as root with ssh. Most Ubuntu boxes allow logging in as root because that's the way Ubuntu comes by default. If not the user is intelligent enough to disable root logins, then someone will have to try 11 million times 11 million or just simply know a user name.

I've noticed the same thing on SuSE linux when I tried to add a line to the hosts file. It holds true for redirections from the command line and not just the echo command, but not if you sudo to run a script that contains redirections to a read only directory it works. I'm not certain if there is a reason for it this. But it isn't Ubuntu that is doing it.

Why sudo doesn't allow redirection in interactive shells I don't know. Does this mean that a line like
sudo echo "1" > /proc/net/ipv4/ip_forward
won't work?

Actually, sudo has no say on how redirection is handled. Redirection is a shell function. The shell, presumably bash, is running as the normal user. So what happens is:

1. bash interprets the arguments, splitting it up into:

a) sudo -- the command to be executed
b) echo -- the first argument to be passed to the command
c) 1 -- the second argument to be passed to the command (note that bash strips the quotes)
d) /proc/net/ipv4/ip_forward -- the name of the file to redirect output to

2. bash attempts to open up "/proc/net/ipv4/ip_forward" with write access. It fails here, but assuming it could have succeeded, then it would continue...

3. bash executes the command "sudo", passing the arguments "echo" and "1". Any output from this command is processed by bash and is written to "/proc/net/ipv4/ip_forward".

4. When the command "sudo" completes, bash closes the output file and produces a command prompt for user input.

When you put this command in a script, it's still bash doing all this work. The difference is that the instance of bash running the script is a new instance of bash being run by the root user.