
Re: Rationale



On Mon, 2003-12-01 at 13:49, John Smith wrote:

> Thanks for your remarks, they answer most of my questions,
> as did a thorough grep session on debian-policy, (thanks Paul). What
> I'm bothered with is that convenience takes precedence over security
> in this case. The example of an [evil/compromised] application
> manager with write access to one of the /local directories, who
> inserts a trojan named passwd is probably obvious to all. <Asbestos>
> Two other OSes that I'm thoroughly familiar with, NetWare and
> Windows, insert for this exact reason the system paths before the
> local paths. </Asbestos>

Hmm, being that Windows always puts . first in the path, I would ignore
any other path-related "security features" they put into place.

The real answer to your question is: don't put users you don't trust in
the staff group... seems pretty simple.

As for login.defs: (from the manpage)

"Much of the functionality that used to be provided by the shadow
password suite is now handled by PAM. Thus, /etc/login.defs is no
longer used by programs such as login(1), passwd(1) and su(1). Please
refer to the corresponding PAM configuration files instead."

-- 
Mark Roach
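
The condition discussed in this thread (a group-writable local directory searched before the system paths, where a file named passwd would hide the real one) can be audited. The following is an added example, not part of either message; the SYSTEM_DIRS list and the function names are assumptions.

```python
import os
import stat

# Assumption: directories treated as "system paths" for this check.
SYSTEM_DIRS = ("/usr/sbin", "/usr/bin", "/sbin", "/bin")

def writable_by_group_or_other(directory):
    """True if the directory's mode allows group or world writes."""
    mode = os.stat(directory).st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

def executables(directory):
    """Names of regular executable files in a directory."""
    names = set()
    for entry in os.scandir(directory):
        if entry.is_file() and os.access(entry.path, os.X_OK):
            names.add(entry.name)
    return names

def audit_path(path, system_dirs=SYSTEM_DIRS):
    """Return (risky_dirs, shadowed) for a colon-separated PATH string.

    risky_dirs: non-system dirs, writable by group/other, that are searched
                before at least one system dir.
    shadowed:   (name, winner, loser) where a file in an earlier non-system
                dir hides a same-named command in a later system dir.
    """
    # Empty PATH elements and missing directories are skipped here.
    dirs = [d for d in path.split(":") if d and os.path.isdir(d)]
    risky, shadowed = [], []
    for i, d in enumerate(dirs):
        if d in system_dirs:
            continue
        later_system = [s for s in dirs[i + 1:] if s in system_dirs]
        if not later_system:
            continue
        if writable_by_group_or_other(d):
            risky.append(d)
        local_names = executables(d)
        for s in later_system:
            for name in sorted(local_names & executables(s)):
                shadowed.append((name, os.path.join(d, name), os.path.join(s, name)))
    return risky, shadowed

if __name__ == "__main__":
    risky, shadowed = audit_path(os.environ.get("PATH", ""))
    for d in risky:
        print("group/world-writable before system dirs:", d)
    for name, winner, loser in shadowed:
        print(f"{name}: {winner} shadows {loser}")
```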


