[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Create a canned "Firewall Build"?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Create a canned "Firewall Build"?
- From: Philipp Buehler <lists_(_at_)_fips_(_dot_)_de>
- Date: Thu, 21 Feb 2002 10:16:53 +0100
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
- Reply-to: Philipp Buehler <lists_(_at_)_fips_(_dot_)_de>
On 21/02/2002, Ted U <grendel_(_at_)_heorot_(_dot_)_stanford_(_dot_)_edu> wrote Cc misc_(_at_)_openbsd_(_dot_)_org:
> irrelevant to system security. so what if joe can read john's files?
> that's no closer to root. the only umask that matters is root. and if
> you're messing around as root, you should triple check everything you do
That's not true. If Joe can read the ssh keys from John and John
is in 'wheel', Joe has more possibilities to guess the root
password. Or he has more access anyway, since he can elevate
Just as an example .. think in worst-cases ..
Philipp Buehler, aka fips | sysfive.com GmbH | BOfH | NUCH | <double-p>
#1: Break the clue barrier!
#2: Already had buzzword confuseritis ?
Visit your host, monkey.org