*********** REPLY SEPARATOR ***********
On 24/12/99 at 15:30 Justin Cormack wrote:
>
>Well I am inclined to report this as a bug with major security
implications.
>
>As far as I can see it is only acceptable to be asked for a root password
>if you have explicitly requested root access (eg su or login). Adding a
>graphical way of requesting root access (eg a program called [gxk]root say
>that simply produced a menu of programs that would then be run as root)
>could be acceptable, but producing unrequested root password requests
>is not acceptable, indeed is a major security problem.
>
>Justin
Maybe I am missing something....
Any OS can have things that are meant to be run as an eqv to root, but will
prompt for passwd if the requestors level is not high enough....
a bug maybe.........but a security problem, how so ?
--
Greg Wright
IT Consultant Sydney Australia PH 0418 292020
Available for Global Contracts Int. +61 418 292020
web http://www.ausit.com e-mail [EMAIL PROTECTED]
--
To unsubscribe:
mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
