
Re: Bits from the release team: the plans for etch

* Thomas Bushnell BSG (tb@becket.net) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > Same way you know that the system administrator hasn't modified a file
> > in /usr/bin.
> Um, I know that by comparing the contents against a known-true
> version.  How do I detect whether the system administrator has used a
> UID?

Except last I checked, we don't do such a comparison.  If you really
wanted to know if the UID was used you could do a find /, etc.  Neither
is necessary though, which is the point.

> Moreover, the consequences of getting the one wrong are that you
> delete the sysadmin's changes.  The consequences of the other are an
> important and difficult-to-detect security hole.

This is just patently false, as has been pointed out elsewhere.  What
security hole, exactly, is created by orphaning a file?


