
Re: Understanding /root, /usr, /var and so on



On Sunday 26 March 2006 02:16, Matthew R. Dempsky wrote:
>On Sun, Mar 26, 2006 at 12:46:14AM -0500, Gene Heskett wrote:
>> Giving everybody access to ifconfig and its ilk sure sounds like a
>> big security hole to me.
>
>That's ridiculous.  If adding ifconfig to your users' PATH is a
>security concern, your system is already at risk.

But what happens in a corporate setting with more than 1 subnet, one 
having a good firewall that only lets in filtered email, and one that's 
relatively wide open, and both thru the same switch?  I don't think 
you'd want a savvy user switching the machine from one subnet to the 
other and allowing in a boatload of viri or porn.  The viri is a huge 
PITA to clean up, the porn OTOH, is a huge legal liability in many 
locales.

IMO ifconfig is a system function, and the normal user has no need for 
access to it, none, nada, zip.  As the admin, the admin should be 
responsible for that, with those configs locked down for normal users.

Heck, I'm using two subnets here at home with only 3 machines, just for 
that exact reason, separation of responsibilities.  Call me paranoid, 
but I intend to keep it that way.

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.


