Re: Uploaded tmpreaper 1.4.8 (source i386) to master

Paul Slootman wrote:
> >      [...]   Secondly, once you start weakening what a normal user can do,
> Who's weakening what a normal user can do?  I don't see on what
> arguments you conclude that

In fact, I meant to say the opposite.

Once you start >broadening< what a normal user can do, even on a system
where all users are trusted, you're paving a path for someone malicious to
use when they do crack into your system.

> If someone cracks into a system, they won't waste their time mucking
> about with /tmp, they'll continue using the hole they've already
> exploited...

I crack into system x and get user foo's account. If the admin is smart this
means that user foo has a bad time, his mail is deleted, something nasty is
put up on his web page, etc. If the admin is not exercising proper security,
the next step is to try to crack root and/or exploit holes to do things like
delete /etc/passwd.

I trust everyone on my system; that doesn't mean I give them free rein on
it. The one time one of my users was cracked, I was very glad of this.

see shy jo
