[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Create a canned "Firewall Build"?



On 21/02/2002, Ted U <grendel_(_at_)_heorot_(_dot_)_stanford_(_dot_)_edu> wrote Cc misc_(_at_)_openbsd_(_dot_)_org:
> irrelevant to system security.  so what if joe can read john's files?
> that's no closer to root.  the only umask that matters is root.  and if
> you're messing around as root, you should triple check everything you do
> anyway.

That's not true. If Joe can read the ssh keys from John and John
is in 'wheel', Joe has more possibilities to guess the root
password. Or he has more access anyway, since he can elevate
his GID.

Just as an example .. think in worst-cases ..

ciao
-- 
Philipp Buehler, aka fips | sysfive.com GmbH | BOfH | NUCH | <double-p> 

#1: Break the clue barrier!
#2: Already had buzzword confuseritis ?