Warning: I'm not an expert.
On Wed, Sep 27, 2000 at 10:54:04AM +1100, Brian May wrote:
> - is root still required? If so why and what for?
Exactly.
Or, put another way, we're going to have to re-write a lot
of administrative docs to adapt to a capabilities-based
security setup. And then we'll
> "Nicolás" == Nicolás Lichtmaier writes:
>> > That's not true, capabilities can be handled with system calls. A daemon
>> > may drop all capabilities except the one needed to bind to privileged ports.
>> > But the daemon would still be run with UID 0, and be able to modify/access
>> > a
Carl R. Witty wrote:
> There is at least one way in which root is less vulnerable than bin to
> cracking. If your machine has files exported via NFS with
> root_squash, then somebody who cracks root on a client machine can
> modify files owned by bin on your machine, but not files owned by
> root.
Joey Hess <[EMAIL PROTECTED]> writes:
> Nicolás Lichtmaier wrote:
> > Your point is so obvious. duh... how did I miss that?
> > Of course that cracking bin would be like cracking root...!
>
> This is not an issue if
>
> a) bin has no password so people cannot log in as bin
> and
> b) nothing on
Seth Arnold wrote:
> > This is not an issue if
> >
> > a) bin has no password so people cannot log in as bin
> > and
> > b) nothing on the system is suid bin
>
> Joey, if bin owns ls, then someone that cracks the bin account (via some
> non-interactive means) could replace ls with a version of ls
* Joey Hess <[EMAIL PROTECTED]> [000926 14:52]:
> Nicolás Lichtmaier wrote:
> > Your point is so obvious. duh... how did I miss that?
> > Of course that cracking bin would be like cracking root...!
>
> This is not an issue if
>
> a) bin has no password so people cannot log in as bin
> and
> b)
Nicolás Lichtmaier wrote:
> Your point is so obvious. duh... how did I miss that?
> Of course that cracking bin would be like cracking root...!
This is not an issue if
a) bin has no password so people cannot log in as bin
and
b) nothing on the system is suid bin
--
see shy jo