List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
> Or to turn it around, on a user managed workstation its both
> inconvenient and adds little to security. In fact, its easiest to just
> keep a root window open and run it from there - which is insecure if
> you walk away and leave it running.
> The point I am trying to make is that forcing useful tools to run as
> root for everyone makes little sense on a user managed workstation
> and can be counter-productive as above when users just work around
> the restrictions in an insecure manner.
If you produced a product, would you want it to be considered secure or
insecure out of the box? I think anyone currently looking at the various
worms and virii bombarding thier internet connections can answer that one.
I personally would rather have a secure product. With Gentoo, who's theme
is "totally configurable", the product will only be as insecure as you make
> Perhaps a "secure_options" use flag to cater for those who work in
> multiuser/insecure environments? I would rather not suffer an unusable
> system because a few users have special requirements.
I think we should call it the "insecure_worm-promoting_microsoftesc_options"
use flag. Once again, typing sudo really isn't that big of an
inconvienece. You could even write an alias for traceroute to
exec "sudo /usr/sbin/traceroute".
> On Wed, 2003-12-17 at 09:16, Bill Moritz wrote:
> > > SUID exploits are based on the premise that you've already access to
> > > the system in question. If you don't trust people with accounts on
> > > your system, they shouldn't have it.
> > What about people that run shell servers? Should I have an interview
> > process and a background check on anyone that wants to pay for access to
> > systems?
> > > Just another $.02
> > >
> > > -d
> > -bill
> > --
> > email@example.com mailing list
> firstname.lastname@example.org mailing list
------- End of Original Message -------
email@example.com mailing list