From owner-freebsd-newbies Wed Apr 8 05:26:50 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA25684 for freebsd-newbies-outgoing; Wed, 8 Apr 1998 05:26:50 -0700 (PDT) (envelope-from owner-freebsd-newbies@FreeBSD.ORG) Received: from phoenix.welearn.com.au (suebla.lnk.telstra.net [139.130.44.81]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA25652 for ; Wed, 8 Apr 1998 05:26:44 -0700 (PDT) (envelope-from sue@phoenix.welearn.com.au) Received: (from sue@localhost) by phoenix.welearn.com.au (8.8.5/8.8.5) id WAA15193; Wed, 8 Apr 1998 22:26:15 +1000 (EST) Message-ID: <19980408222612.43377@welearn.com.au> Date: Wed, 8 Apr 1998 22:26:12 +1000 From: Sue Blake To: Mark Ovens Cc: "Michael P. Sale" , freebsd-newbies@FreeBSD.ORG, dmlb@ragnet.demon.co.uk Subject: Re: mtools use References: <01bd6296$aece1600$5006bccc@708644668> <352B28B2.5BDE9363@uk.radan.com> <19980408194800.21697@welearn.com.au> <352B6955.DD52844F@uk.radan.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.88e In-Reply-To: <352B6955.DD52844F@uk.radan.com>; from Mark Ovens on Wed, Apr 08, 1998 at 01:11:01PM +0100 Sender: owner-freebsd-newbies@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Apr 08, 1998 at 01:11:01PM +0100, Mark Ovens wrote: > Sue Blake wrote: > > > > On Wed, Apr 08, 1998 at 08:35:14AM +0100, Mark Ovens wrote: > > > > > Note! This will not work if you have a password set for root (which > > > would probably be the case in a commercial environment, but not > > > necessarily on a home machine). > > > > That sounds extremely dangerous to me. > > One day someone you've told might convince you how dangerous it is. > > Meanwhile I hope it doesn't become fashionable among those who are not as > > well able to appreciate the consequences of having no root password. > > > > Yes, you are quite correct, we (I) shouldn't be encouraging people, > especially new users, to run without a root password. It's just 8 years > of working on Unix systems many of which do not have a root password has > got me into bad habits, together with never having trashed a system > because of it (putting that in writing will probably guarantee I'll do > an 'rm -rf /*' as root in the next couple of days ;-) ) has made me > complacent. In my feeble experience, every time something looks like a great idea that'll make life easier it's a security risk or worse. I tend to play it all very boring these days, just to be sure. There's lots of people out there who could do a lot worse with my system than I do, if I gave them half a chance to try. On the Internet the world sits at your keyboard. > I see someone else has posted a message suggesting making mount_msdos a > setuid file which will allow non-root users to run it. Whilst this is > still a bit risky it is much better than not having a root password and > is an acceptable compromise for mounting floppies. Just don't get > carried away and make all executable files setuid. > > I consider my wrists well & truly slapped :-( :-) No slap intended, I just panicked. -- Regards, -*Sue*- find / -name "*.conf" |more To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-newbies" in the body of the message