another 'su encancer'
Kee Hinckley
nazgul at alphalpha.com
Sat Apr 27 12:53:25 AEST 1991
In article <1991Apr26.142736.21272 at convex.com> tchrist at convex.COM (Tom Christiansen) writes:
>I think you guys are missing the point. Any command that grants
>unrestricted privilege to even one user without confronting them
>with a password is a security hole. All I have to do is be that
>user, through Trojan horses, people absent from their offices,
>TIOCSTI usurpation, etc.
What kind of places do you guys work anyway? Does paranoia
really reign supreme? The last place I worked had around 2000
workstations all on the same remote file system (none of this NFS
mount nonsense) and I'd say that 1 out of every 10 people (at the
least) had a command lying around so they could become root as
necessary. Boom, instant access to over a terabyte of data. Sure
it was possible to disable remote root access - but hardly anyone
did. Besides which, most everything was at least _readable_ by
everybody.
Unauthorized root privileges aren't a security problem, they're
a social problem.
--
Alfalfa Software, Inc. | Poste: The EMail for Unix
nazgul at alfalfa.com | Send Anything... Anywhere
617/646-7703 (voice/fax) | info at alfalfa.com
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.