Note: Due to technical difficulties, the Archives are currently not up to date.
GMANE provides an alternative service for most mailing lists. c.f. bug 424647
Or to turn it around, on a user managed workstation its both
inconvenient and adds little to security. In fact, its easiest to just
keep a root window open and run it from there - which is insecure if you
walk away and leave it running.
The point I am trying to make is that forcing useful tools to run as
root for everyone makes little sense on a user managed workstation and
can be counter-productive as above when users just work around the
restrictions in an insecure manner.
Perhaps a "secure_options" use flag to cater for those who work in
multiuser/insecure environments? I would rather not suffer an unusable
system because a few users have special requirements.
BillK
On Wed, 2003-12-17 at 09:16, Bill Moritz wrote:
> > SUID exploits are based on the premise that you've already access to
> > the system in question. If you don't trust people with accounts on
> > your system, they shouldn't have it.
>
> What about people that run shell servers? Should I have an interview
> process and a background check on anyone that wants to pay for access to my
> systems?
>
> > Just another $.02
> >
> > -d
>
> -bill
>
> --
> gentoo-security@g.o mailing list
--
gentoo-security@g.o mailing list
|
|
