On Sun, Mar 26, 2006 at 02:39:51AM -0500, Gene Heskett wrote: > On Sunday 26 March 2006 02:16, Matthew R. Dempsky wrote: > >On Sun, Mar 26, 2006 at 12:46:14AM -0500, Gene Heskett wrote: > >> Giving everybody access to ifconfig and its ilk sure sounds like a > >> big security hole to me. > > > >That's ridiculous. If adding ifconfig to your users' PATH is a > > security concern, your system is already at risk. > > But what happens in a corporate setting with more than 1 subnet, one > having a good firewall that only lets in filtered email, and one thats > relatively wide open, and both thru the same switch? I don't think > you'd want a savvy user switching the machine from one subnet to the > other Letting people switch their machines between networks just by changing its IP address is the security risk here, not giving them access to their own IP address/netmask -- information which can be gotten from other sources anyway. If the network admin did not want machines jumping between networks then they would lock down switch ports and use vlans. ifconfig is irrelevant here. > and allowing in a boatload of viri or porn. There is no such word as viri btw. http://linuxmafia.com/~rick/faq/plural-of-virus.html -- http://strugglers.net/wiki/Xen_hosting -- A Xen VPS hosting hobby Encrypted mail welcome - keyid 0x604DE5DB
Attachment:
signature.asc
Description: Digital signature