Re: Root is God? (was: Mutt & tmp files)


Mathias Gygax wrote:
> > i wanted to post something about lids, but then i thought, it doesn't
> > make sense in this case.
> i think it does make sense.

as far as i have read, the problem is that the (wo)man who has a
root-account is able to read mails.
what is the advantage of installing lids compared with removing the
root-account from this (wo)man?

> but... root in this setup is
> useless. you can't do anything that looks like administration.

so, if you can't remove the root right from this person generally, you
can't install lids.

well, i think lids is "only" very useful to "separate" daemons (e.g.
when sendmail is exploited, the attacker can't modify zone-files from
named or open the named port, even if sendmail runs as root) and to
detect such exploits.


