> I don't know much about exim's guts, but is there a point in starting it
> as "mail" if it's SUID root?
> -rwsr-xr-x 1 root root 466308 sie 15 01:13 /usr/sbin/exim
There is a "small" point of binding to port 25. Only root can do
that. I have not looked at exim's code, but if run
On Mon, Nov 19, 2001 at 10:24:05AM +0900, Howland, Curtis wrote:
> ps: From a personal perspective, I think Linux is about where Windows
> 3.0 was. This is not a troll, just a usability thing.
No, it's about where win3.11 was in a lot of ways. Modulo the
stability &&etc.
--
Share and En
To be blunt, I don't think one can entirely protect oneself from root,
nor do I believe it's an "All Good" idea.
Root Is God. This is a multi-user, full-time, "networked" device. Root
bears the responsibility of everything that happens to that machine.
They are answerable to everyone, not just o
On Friday 16 November 2001 11:39, Mathias Gygax wrote:
> > There is no way, nor any reason why, to set up a system in such a way
> > that the maintainer of the system cannot maintain it.
>
> maintainer is someone else. root is there for serving the daemons.
> admi
On Friday 16 November 2001 11:21, Oyvind A. Holm wrote:
> On 2001-11-15 19:11 Florian Bantner wrote:
> Another thing is... You're a bit concerned that root can read your
> mail. Good advice is to never - NEVER place your private (secret) key
> on another machin
On Son, Nov 18, 2001 at 05:06:21 +0100, martin f krafft wrote:
> thanks, you just made me laugh!
you set lamer detector to orange.
On Son, Nov 18, 2001 at 05:08:14 +0100, martin f krafft wrote:
> excellent. you know what i did: i just remove the root:0:... line from
> /etc/passwd and /etc/shadow. now i can't be root. that must be perfect
> security. yeah!
before you shout, think twice. this is READ-only on my system. you don
* Wade Richards <[EMAIL PROTECTED]> [2001.11.15 22:17:39-0800]:
> This is the sort of absolutist nonsense that gives security experts a
> bad name. After all, anyone armed with a chainsaw can cut through a
> solid oak door in a matter of hours, so why bother installing a deadbolt
> on your door?
* Mathias Gygax <[EMAIL PROTECTED]> [2001.11.16 14:36:30+0100]:
> > > > Root is God. Anything you do on the system is potentially visible to
> > > > root.
>
> this is, with the right patches applied, not true.
^^
> can very fine tune the setup. fo
* Mathias Gygax <[EMAIL PROTECTED]> [2001.11.16 15:06:54+0100]:
> > well, i thought this is the definition of root.
>
> no. with LIDS you can protect files and syscalls even from root. in my
> setup, root cannot even write to his own home directory.
... which root can change at convenience. this
On Sun, Nov 18, 2001 at 03:02:30PM +1000, Paul Haesler wrote:
> > it is a Good Thing to have an MTA which does not run as
> > root. I found the argument persuasive, and happily installed postfix.
> > I do miss one thing from exim, however.
>
> Default debian installation of exim runs as mail:
21 matches