Robert Connolly wrote these words on 08/27/06 22:20 CST: > All I'm trying to say is that adding someone to group root should not be > exploitable, at least not without further misconfiguration.
And all Bruce (as well as myself) is saying is that *nobody* should be added to the root group unless that person is trusted with root privileges. Robert, please name just *one* instance where an admin would add somebody to the root group, but wouldn't trust that person with root privileges. Bottom line is that nobody should be added to the root group unless that person is a trusted user. -- Randy rmlscsi: [bogomips 1003.23] [GNU ld version 2.16.1] [gcc (GCC) 4.0.3] [GNU C Library stable release version 2.3.6] [Linux 2.6.14.3 i686] 22:38:01 up 3 days, 7:08, 1 user, load average: 0.02, 0.02, 0.00 -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
