Date: Mon, 10 Apr 2000 17:48:43 -0700
From: Brooks Davis <brooks@one-eyed-alien.net>
To: Spidey <beaupran@iro.umontreal.ca>
Cc: bugs@freebsd.org
Subject: Re: bin/17910: Do not allow 'operators' to drop to single user via shutdown
Message-ID: <20000410174843.A6634@orion.ac.hmc.edu>
In-Reply-To: <14578.29173.529447.273595@anarcat.dyndns.org>; from beaupran@iro.umontreal.ca on Mon, Apr 10, 2000 at 08:29:41PM -0400
References: <20000410205113.4E0C219BC@anarcat.dyndns.org> <20000410142640.A16425@orion.ac.hmc.edu> <14578.29173.529447.273595@anarcat.dyndns.org>
On Mon, Apr 10, 2000 at 08:29:41PM -0400, Spidey wrote:
> Oh. The system asks the root password on single-user shutdown when the
> console is marked as insecure? That is great. I think it solves it all.

From /etc/ttys:

# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.

You do that by removing the secure flag. If you're happy with this
solution, please reply and ask that the PR be closed (I can't do it.)

> I found it weird that this was all wide open like that. :))

Giving out operator perms is probably not the best idea. If nothing
else, a user in group operator can read any file on the system if they
are willing to take the time to do it. Hopefully some of these problems
will be lessened by the capabilities code from the TrustedBSD project
(http://www.TrustedBSD.org/). For now, if you need to give out operator
perms, you'll have to expect to close related holes yourself.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
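The console setting discussed in the message above can be audited with a short script. This is an added example, not part of the original message or of FreeBSD; the function name `console_status` and the sample entries are constructed, and it assumes the ttys(5) convention that an entry without the `secure` keyword is treated as insecure.

```shell
#!/bin/sh
# Added example: report how the console entry of a ttys(5) file is marked.
# "secure"   -> init gives a single-user shell without asking for a password
# "insecure" -> init asks for the root password when going to single-user mode
# "missing"  -> no console entry was found in the file

# console_status FILE  (hypothetical helper name)
console_status() {
    awk '
        { sub(/#.*/, "") }                  # drop comments, incl. commented-out entries
        $1 != "console" || found { next }   # only the first console entry counts
        {
            found = 1
            state = "insecure"              # assumption: no "secure" keyword means insecure
            for (i = 2; i <= NF; i++) {
                if ($i == "secure")   state = "secure"
                if ($i == "insecure") state = "insecure"
            }
        }
        END { print (found ? state : "missing") }
    ' "$1"
}

# Constructed sample entries (not taken from a real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Console left as "secure": single-user mode needs no password.
printf 'console\tnone\tunknown\toff secure\n' > "$tmp/ttys.open"

# Old line commented out, console now marked "insecure".
printf '# console none unknown off secure\nconsole\tnone\tunknown\toff insecure\n' \
    > "$tmp/ttys.locked"

for f in "$tmp/ttys.open" "$tmp/ttys.locked"; do
    printf '%s: %s\n' "${f##*/}" "$(console_status "$f")"
done
```

On a live system the same function can be pointed at `/etc/ttys`; a result of `secure` means anyone who can bring the machine to single-user mode gets a root shell without authenticating.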