On Tue, 3 Jan 2006 20:24:44 +0200, Juha Erkkila <[EMAIL PROTECTED]> wrote:
>On Tue, Jan 03, 2006 at 07:04:36PM +0100, Joachim Schipper wrote:
>> On Tue, Jan 03, 2006 at 12:45:46PM -0500, Michael Erdely wrote:
>> > Add dad to the operator group which can run /sbin/shutdown without sudo.
>>
>> That's not a very good idea.
>>
>> $ ls -la /dev/wd*
>> brw-r----- 1 root operator 0, 0 Nov 2 18:20 /dev/wd0a
>> brw-r----- 1 root operator 0, 1 Nov 2 18:20 /dev/wd0b
>> brw-r----- 1 root operator 0, 2 Nov 2 18:20 /dev/wd0c
>> <more>
>> brw-r----- 1 root operator 0, 15 Nov 2 18:20 /dev/wd0p
>> brw-r----- 1 root operator 0, 16 Nov 2 18:19 /dev/wd1a
>> <and so on>
>>
>> And operator has more privileges; more than enough to trash the system,
>> if he wants to, or to get root, if he is somewhat skilled. Far better to
>> just change a single line in /etc/sudoers.
>
>while i don't disagree with your advice, could you still advise me
>on messing things up with operator privileges, as i'm curious...
>because i can't see how being able to read disks will give out
>enough information to do either
>
>Juha

The ability to read any file on the system is a *clear* violation of the
"Principle of Least Privilege." Let's say, for the sake of argument, that
the user account is somehow compromised; do you really want the attacker
to be able to read every file on the system? Obviously, letting a user
account read everything makes it easier for the attacker to escalate their
privileges.

The rule of thumb for granting privileges is simple: avoid granting
permissions whenever possible.

jcr
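The point Joachim and jcr make is that a group membership grants everything the group owns, not just the one command you had in mind. The script below is an added example (not from anyone in this thread): it audits which device nodes a given group can read, using a constructed `ls -l`-style listing modelled on the one quoted above so that it runs offline. On a real OpenBSD host you would pipe in the output of `ls -l /dev/*` instead.

```sh
#!/bin/sh
# Added example: show what a group membership actually unlocks on /dev.
# SAMPLE_LS is a constructed listing (assumption), not taken from a real host;
# it mirrors the shape of the `ls -la /dev/wd*` output quoted in the thread.
SAMPLE_LS='brw-r-----  1 root  operator    0,   0 Nov  2 18:20 /dev/wd0a
brw-r-----  1 root  operator    0,   1 Nov  2 18:20 /dev/wd0b
brw-r-----  1 root  operator    0,   2 Nov  2 18:20 /dev/wd0c
brw-r-----  1 root  operator    0,  16 Nov  2 18:19 /dev/wd1a
crw-rw----  1 root  wheel      41,   0 Nov  2 18:20 /dev/ttyp0
crw-rw-rw-  1 root  wheel       2,   2 Nov  2 18:20 /dev/null'

# group_readable_devices GROUP
# Reads `ls -l` lines on stdin and prints each block (b) or character (c)
# device node that is owned by GROUP and has the group-read bit set.
# Fields: $1 = mode string, $4 = owning group, $NF = path.
group_readable_devices() {
    awk -v grp="$1" '
        substr($1, 1, 1) ~ /[bc]/ && $4 == grp && substr($1, 5, 1) == "r" {
            print $NF
        }
    '
}

# count_group_readable GROUP
# Number of device nodes in SAMPLE_LS that GROUP can read (0 if none).
count_group_readable() {
    printf '%s\n' "$SAMPLE_LS" | group_readable_devices "$1" | wc -l | tr -d ' '
}

# Stand-alone run: what does adding a user to "operator" hand them?
# On the sample host it is raw read access to every wd* partition, i.e.
# every file on those disks, which is far more than /sbin/shutdown.
printf '%s\n' "$SAMPLE_LS" | group_readable_devices operator
```

Run it against a live listing with `ls -l /dev/* | group_readable_devices operator` after sourcing the script. The least-privilege alternative the thread recommends is a single rule in /etc/sudoers that lists only /sbin/shutdown for the user, so the audit above should come back empty for any extra group you were tempted to add them to.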