Re: Preparing Debian for using capabilities: file ownership.

To: "Carl R. Witty" <cwitty@newtonlabs.com>
Cc: Nicolás Lichtmaier <nick@debian.org>, debian-policy@lists.debian.org
Subject: Re: Preparing Debian for using capabilities: file ownership.
From: Joey Hess <joeyh@debian.org>
Date: Tue, 26 Sep 2000 15:23:55 -0700
Message-id: <[🔎] 20000926152354.D3798@kitenet.net>
Mail-followup-to: Joey Hess <joeyh@debian.org>, "Carl R. Witty" <cwitty@newtonlabs.com>, Nicolás Lichtmaier <nick@debian.org>, debian-policy@lists.debian.org
In-reply-to: <[🔎] v4j8zseyf8y.fsf@bogomips.newtonlabs.com>; from cwitty@newtonlabs.com on Tue, Sep 26, 2000 at 03:12:29PM -0700
References: <[🔎] 20000920222406.B426@debian.org> <[🔎] 8qgqc9$sd7$1@enterprise.cistron.net> <[🔎] 20000923010717.A701@debian.org> <[🔎] 969695071.2762c631@debian.org> <[🔎] 20000923161918.A3309@debian.org> <[🔎] 20000926144955.A3801@kitenet.net> <[🔎] v4j8zseyf8y.fsf@bogomips.newtonlabs.com>

Carl R. Witty wrote:
> There is at least one way in which root is less vulnerable than bin to
> cracking.  If your machine has files exported via NFS with
> root_squash, then somebody who cracks root on a client machine can
> modify files owned by bin on your machine, but not files owned by
> root.  There may be other similar security measures aimed at
> protecting root in particular.

Ah, you're right. Of course this is another example of the root-specific
security measures mentioned elsewhere on this thread (and a damn good
one too).

-- 
see shy jo

Reply to:

References:
- Preparing Debian for using capabilities: file ownership.
  - From: Nicolás Lichtmaier <nick@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: miquels@cistron.nl (Miquel van Smoorenburg)
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Nicolás Lichtmaier <nick@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Raul Miller <moth@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Nicolás Lichtmaier <nick@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Joey Hess <joeyh@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: cwitty@newtonlabs.com (Carl R. Witty)

Prev by Date: Re: Preparing Debian for using capabilities: file ownership.
Next by Date: Re: Preparing Debian for using capabilities: file ownership.
Previous by thread: Re: Preparing Debian for using capabilities: file ownership.
Next by thread: Re: : Question regarding actions to take on --purge of a package.
Index(es):
- Date
- Thread