Re: Bits from the release team: the plans for etch

To: Andreas Barth <aba@not.so.argh.org>
Cc: Marc Haber <mh+debian-devel@zugschlus.de>, debian-devel@lists.debian.org
Subject: Re: Bits from the release team: the plans for etch
From: Thomas Bushnell BSG <tb@becket.net>
Date: Wed, 26 Oct 2005 14:45:01 -0700
Message-id: <[🔎] 87sluohs0y.fsf@becket.becket.net>
In-reply-to: <[🔎] 20051026195203.GD6026@ns.snowman.net> (Stephen Frost's message of "Wed, 26 Oct 2005 15:52:03 -0400")
References: <[🔎] 20051026160420.GS6026@ns.snowman.net> <[🔎] 87psps5fvw.fsf@becket.becket.net> <[🔎] 20051026175131.GX6026@ns.snowman.net> <[🔎] 87d5ls2lv4.fsf@becket.becket.net> <[🔎] 20051026181328.GY6026@ns.snowman.net> <[🔎] 20051026182713.GG31042@mails.so.argh.org> <[🔎] 20051026184557.GZ6026@ns.snowman.net> <[🔎] 20051026185134.GC16204@mails.so.argh.org> <[🔎] 20051026185814.GA6026@ns.snowman.net> <[🔎] 87u0f413de.fsf@becket.becket.net> <[🔎] 20051026195203.GD6026@ns.snowman.net>

Stephen Frost <sfrost@snowman.net> writes:

> * Thomas Bushnell BSG (tb@becket.net) wrote:
>> Stephen Frost <sfrost@snowman.net> writes:
>> 
>> > Leaving around unused accounts is plainly wrong too, and also a
>> > potential security risk.  
>> 
>> Can you outline the risk please?
>
> Sure.  Locking accounts isn't necessairly perfect.  

What is an account in the password file?  It's nothing more than the
ability to log in under a given UID.  How is a starred password
anything other than perfect locking of the account?

> Checking that an account is locked requires going through more of
> the authentication system than just checking if the account exists.
> What happens if an admin gives a password to a system account and
> then forgets about the account after purging the software it's
> associated with?

The same thing that happens if he creates a setuid program using that
UID.

Reply to:

Follow-Ups:
- Re: Bits from the release team: the plans for etch
  - From: Stephen Gran <sgran@debian.org>

References:
- Re: Bits from the release team: the plans for etch
  - From: Stephen Frost <sfrost@snowman.net>
- Re: Bits from the release team: the plans for etch
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Bits from the release team: the plans for etch
  - From: Stephen Frost <sfrost@snowman.net>
- Re: Bits from the release team: the plans for etch
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Bits from the release team: the plans for etch
  - From: Stephen Frost <sfrost@snowman.net>
- Re: Bits from the release team: the plans for etch
  - From: Andreas Barth <aba@not.so.argh.org>
- Re: Bits from the release team: the plans for etch
  - From: Stephen Frost <sfrost@snowman.net>
- Re: Bits from the release team: the plans for etch
  - From: Andreas Barth <aba@not.so.argh.org>
- Re: Bits from the release team: the plans for etch
  - From: Stephen Frost <sfrost@snowman.net>
- Re: Bits from the release team: the plans for etch
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: Bits from the release team: the plans for etch
  - From: Stephen Frost <sfrost@snowman.net>

Prev by Date: Re: Packages file missing from unstable archive
Next by Date: Re: Bits from the release team: the plans for etch
Previous by thread: Re: Bits from the release team: the plans for etch
Next by thread: Re: Bits from the release team: the plans for etch
Index(es):
- Date
- Thread