
Re: Packet sniffing & regular users




Michael Stone wrote:
:: On Wed, Mar 02, 2005 at 04:19:50PM -0300, Felipe
:: Augusto van de Wiel (faw) wrote:

::::     I don't exactly, but, if you already allow your
:::: users to use sudo/su solutions, why are you trying to
:::: change it and... if you are planning to use any "non
:::: encrypted" authentication protocol over the network,
:::: your users will have access to things like "root pass".

:: Letting users run tcpdump with root privs opens a lot
:: more vulnerabilities than letting them sniff without
:: root privs. (E.g., with the sudo approach they can
:: clobber or possibly read arbitrary files on the local
:: system.) People tend to run around advocating sudo
:: everywhere when in fact doing so is *a lot* more
:: dangerous than a real least-privilege system.

	Just to clarify, I was not advocating sudo, I was
just trying to understand why he wants to replace the sudo/su
solution with something else. :)

--
//////////
// Felipe Augusto van de Wiel (faw) <felipe@cathedrallabs.org>
// GUD-PR / DUG-PR || http://www.debian-pr.org
// GUD-BR / DUG-BR || http://www.debian-br.org
// Debian Project  || http://www.debian.org/
//////////


