[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Root is God? (was: Mutt & tmp files)

Hi,

Mathias Gygax wrote:
> 
> On Fre, Nov 16, 2001 at 04:13:16AM -0900, Ethan Benson wrote:
> 
> > > > Root is God. Anything you do on the system is potentially visible to
> > > > root.
> 
> this is, with the right patches applied, not true.

well, i thought this is the definition of root.

> > > What's about rsbac? Are there other strategies against root available?
> >
> > root usually has physical access to the hardware anyway.
> 
> but root usually also does have remote access.
> 
> take a look at http://www.lids.org LIDS.

i wanted to post something about lids, but then i thought, it doesn't
make sense in this case.
lids removes rights from the user root and the programms, which are
started by root (or init at startup).

now we have the case, that someone does not trust the root user.
i think with root-user the author means the man or woman, who has
installed the server or is administrating it.
if this user is installing lids, he can disable lids or configure it
so, that he can read the mails...

when there are several systemadministrators, does is really make sense
to install lids to have the possibility to give other (untrusted)
users the root-pw?
i don't think so.

bye
Ralf
Reply to: