Re: Understanding /root, /usr, /var and so on

To: debian-user@lists.debian.org
Subject: Re: Understanding /root, /usr, /var and so on
From: "S. Keeling" <keeling@spots.ab.ca>
Date: Wed, 29 Mar 2006 15:06:53 -0700
Message-id: <[🔎] E1FOioX-0003Vl-Pe@infidel.spots.ab.ca>
Reply-to: keeling@spots.ab.ca
In-reply-to: <5Uwiz-6bg-5@gated-at.bofh.it>
References: <5UsoC-zA-7@gated-at.bofh.it> <5UsoC-zA-5@gated-at.bofh.it> <5Uw8T-5YS-7@gated-at.bofh.it> <5Uwiz-6bg-5@gated-at.bofh.it>

In linux.debian.user, gene.heskett wrote:
> 
>  I have a silly question though, why does the user need access to 
>  ifconfig?  If the admin is doing his job, it seems that the network 

On some (many?) boxes, the user == the administrator, just not logged
in as root.  Not everyone has the privilege of owning their own admin.
Not everyone's insane enough to run non-Debian on their *own* boxes
given the choice.

>  shouldn't have, nor need access to ifconfig.  Giving everybody access 
>  to ifconfig and its ilk sure sounds like a big security hole to me.

Ridiculous:

   - cd /sbin ; ./ifconfig

   - cd ; /sbin/ifconfig

   - "export PATH=/sbin:$PATH" (not that I'm suggesting anyone
     do this :-)

I guess Debian's just full of security holes!  :-P  Oh, wait, this
works on any *nix box!  CERT!  Oh geez, look at all those other
powerful tools in /sbin they have access to as well!  Aaiiiiii!

-- 
    Any technology distinguishable from magic is insufficiently advanced.
    (*)    http://www.spots.ab.ca/~keeling           Linux Counter #80292
    - -    Spammers! http://www.spots.ab.ca/~keeling/emails.html
           http://www.ietf.org/rfc/rfc1855.txt

Reply to:

Prev by Date: Re: How to find software?
Next by Date: Re: accidental firewall
Previous by thread: Re: Understanding /root, /usr, /var and so on
Next by thread: sid tasksel postgresql remove error
Index(es):
- Date
- Thread