| 1 |
On Wednesday 19 September 2007, Mike Doty wrote: |
| 2 |
> John R. Graham wrote: |
| 3 |
> > like sys-apps/miscfiles. But where it should or shouldn't come from |
| 4 |
> > doesn't answer the fundamental question, "Shouldn't it be there, from |
| 5 |
> > *some* source?" |
| 6 |
> |
| 7 |
> Easy answer: no. Do you really want any script to automatically run |
| 8 |
> when you login as root? think of exploits and the ability to do |
| 9 |
> "/bin/echo rm -rf / >> /root/.bash_profile" |
| 10 |
|
| 11 |
coreutils will not `rm -rf /`: |
| 12 |
rm: cannot remove root directory `/' |
| 13 |
|
| 14 |
that said, anyone who has write access to /root owns the system ... whether |
| 15 |
the file exists by default is irrelevant |
| 16 |
-mike |
Archives