On Wed, Feb 26, 2003 at 05:42:43PM -0800, Alvin Oga wrote:
> and if i was admining your box... i'd "chmod 750 /sbin /usr/sbin"
> and hide/remove root passwds so that i can sleep late or wont be
> paged because something broke

...which, even if it doesn't break things (like another poster's mention of pon/pppd), doesn't seem like it would do any good.

Even ignoring the possibility of users building/copying their own version of the binaries in (/usr)?/sbin (since this can be prevented by having all user-writable filesystems mounted noexec - although this isn't an option if you have developers on the box), there's still the little detail that, in order to get them to do anything harmful, you need root privileges. And once an attacker is root, the 750 permissions won't stop him anyhow.

It only protects against people who can't do any harm in the first place.

-- 
The freedoms that we enjoy presently are the most important victories of the White Hats over the past several millennia, and it is vitally important that we don't give them up now, only because we are frightened.
- Eolake Stobblehouse (http://stobblehouse.com/text/battle.html)
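
Added example (not part of the original message): a shell check for the noexec condition the reply mentions, listing user-writable mount points that still allow execution. The mount-point list and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list mount points that users can write to and that are
# not mounted noexec. Input is in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Assumption: these are the user-writable mount points on the box.
USER_WRITABLE="/home /tmp /var/tmp /dev/shm"

# has_opt OPTIONS NAME -> exit 0 if NAME is one of the comma-separated options
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# exec_allowed_mounts: read a mount table on stdin and print each
# user-writable mount point that is mounted read-write without noexec.
exec_allowed_mounts() {
    while read -r _dev mnt _type opts _rest; do
        for want in $USER_WRITABLE; do
            [ "$mnt" = "$want" ] || continue
            has_opt "$opts" ro && continue
            has_opt "$opts" noexec && continue
            printf '%s\n' "$mnt"
        done
    done
}

# Constructed sample mount table (not from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda5 /home ext3 rw,nosuid,nodev 0 0
/dev/sda6 /tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/sda7 /var/tmp ext3 rw,nosuid 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
EOF
}

# On a live Linux system: exec_allowed_mounts < /proc/mounts
sample_mounts | exec_allowed_mounts
```

A path in the list that is not its own filesystem never appears in the mount table, so it is not reported here; it inherits the options of its parent mount, which must be checked separately.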