From owner-freebsd-questions@FreeBSD.ORG Fri Jan 12 00:57:59 2007 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1445C16A40F for ; Fri, 12 Jan 2007 00:57:59 +0000 (UTC) (envelope-from list@museum.rain.com) Received: from ns.umpquanet.com (ns.umpquanet.com [63.105.30.37]) by mx1.freebsd.org (Postfix) with ESMTP id EB18513C468 for ; Fri, 12 Jan 2007 00:57:58 +0000 (UTC) (envelope-from list@museum.rain.com) Received: from ns.umpquanet.com (localhost [127.0.0.1]) by ns.umpquanet.com (8.13.8/8.13.8) with ESMTP id l0C0XGsp038256; Thu, 11 Jan 2007 16:33:16 -0800 (PST) (envelope-from list@museum.rain.com) Received: (from james@localhost) by ns.umpquanet.com (8.13.8/8.13.8/Submit) id l0C0XF0p038255; Thu, 11 Jan 2007 16:33:15 -0800 (PST) (envelope-from list@museum.rain.com) Date: Thu, 11 Jan 2007 16:33:15 -0800 From: James Long To: Nathan Vidican , questions@freebsd.org Message-ID: <20070112003315.GA37679@ns.umpquanet.com> References: <20070111052604.BAC5D16A575@hub.freebsd.org> <20070111062058.GA44045@ns.umpquanet.com> <45A6412C.308@vidican.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <45A6412C.308@vidican.com> User-Agent: Mutt/1.5.13 (2006-08-11) Cc: keramida@ceid.upatras.gr, chandler@chapman.edu, maanjee@gmail.com Subject: Re: How dangerous a Standard User could be to a FreeBSD box? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Jan 2007 00:57:59 -0000 On Thu, Jan 11, 2007 at 08:52:44AM -0500, Nathan Vidican wrote: > > > > > How dangerous a Standard User could be to a FreeBSD box? > > > > Depending on local setup, this could range from 'not at all' to > > > > 'extremely'. Do you have a *specific* setup in mind? > > > Standard user with the root password, a bag of explosives, a .45 magnum, > > > and a chip on his shoulder, say? > > Yeah, and even a user with no account or password, a screwdriver, and > > a Mountain Dew. > Gotcha all beat, screw the 'standard user' issue... I had a client call > me once cause the office cat peed onto/into the server; no technical > expertise required whatsoever, no password, no re-wiring of network, > heck no opposable digits even or anything else for that matter, yet it > still managed to kill the server ;) Ah yes, the infamous cat(1) ppp(8) exploit. Much harder to clean up than cat(1) dump(8), too. Fortunately, the worst problem I've had with mine is occassional race conditions with mouse(4). Jim