1 |
Or to turn it around, on a user managed workstation its both |
2 |
inconvenient and adds little to security. In fact, its easiest to just |
3 |
keep a root window open and run it from there - which is insecure if you |
4 |
walk away and leave it running. |
5 |
|
6 |
The point I am trying to make is that forcing useful tools to run as |
7 |
root for everyone makes little sense on a user managed workstation and |
8 |
can be counter-productive as above when users just work around the |
9 |
restrictions in an insecure manner. |
10 |
|
11 |
Perhaps a "secure_options" use flag to cater for those who work in |
12 |
multiuser/insecure environments? I would rather not suffer an unusable |
13 |
system because a few users have special requirements. |
14 |
|
15 |
BillK |
16 |
|
17 |
On Wed, 2003-12-17 at 09:16, Bill Moritz wrote: |
18 |
> > SUID exploits are based on the premise that you've already access to |
19 |
> > the system in question. If you don't trust people with accounts on |
20 |
> > your system, they shouldn't have it. |
21 |
> |
22 |
> What about people that run shell servers? Should I have an interview |
23 |
> process and a background check on anyone that wants to pay for access to my |
24 |
> systems? |
25 |
> |
26 |
> > Just another $.02 |
27 |
> > |
28 |
> > -d |
29 |
> |
30 |
> -bill |
31 |
> |
32 |
> -- |
33 |
> gentoo-security@g.o mailing list |
34 |
|
35 |
|
36 |
|
37 |
-- |
38 |
gentoo-security@g.o mailing list |