Re: root access and dselect | ftp
On Sun, 22 Feb 1998 02:28:06 +0100, Remco Blaakmeer wrote:
> On Fri, 20 Feb 1998, David Stern wrote:
> > It occurred to me that running dselect | ftp as root could potentially
> > compromise root access.
> >
> > I don't want users to be able to run dselect, and I don't want to loose
> > the power of dselect by downloading all packages and package lists
> > individually, but I want to decrease the potential of root access being
> > compromised while running dselect | ftp.
> >
> > What's an intelligent solution?
>
> Could you please explain why and how it could "compromise root access"?
What I'm trying to do is make my ppp connection as secure as possible,
and one of the first things I realized is that whenever I'm running
dselect, I'm root, and that I might be connected to the internet for
long enough such that my ip address could be attacked, and I know there
are different types of attacks, and my assumption was that if I'm
running as root, then it would conceivably be possible to get root
access. (you get the idea, I hope)
Let's assume I'm wrong, and that it is not possible for root access to
be compromised while I am connected to the net running as root. If so,
then why shouldn't everyone always run as root while connected to the
net -- does ftp have added security features? (if so, please briefly
explain)
--
D a v i d S t e r n
------------------------------------------------------------------
http://weber.u.washington.edu/~kotsya
kotsya@u.washington.edu
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: