Date:      Tue, 25 Jun 1996 19:03:49 GMT
From:      hal@snitt.com (Hal Snyder)
To:        chat@freebsd.org
Subject:   The Vinnie Loophole
Message-ID:  <31d0216c.1105698438@vogon.trans.sni-usa.com>

[Moved from security to chat for soapboxing]

I said:

> > 1.  How about adding checks for "." or equivalent in $PATH to
> > /etc/security?  Scan for it in .profile, .bashrc, and so forth.  This
> > would not catch every offense but would help.

David Greenman didn't want something scanning whole file systems (the
way /etc/security looks for setuid/setgid changes now).

And on Tue, 25 Jun 1996 12:42:33 -0400 (EDT), Jeff Aitken
<jaitken@cslab.vt.edu> wrote:

> filling my system logs is *not* what I consider helpful.  If you put "."
> last in the path you should be fine.

Previous contributors to the massive "Please Help Me..." thread have
pointed out that this only works if you never misspell a command nor
try to use one that isn't in your PATH (ping is often not in an
ordinary user's PATH, e.g.).

Clearly, there is no way to please all users of an operating system.

My particular slant comes from spending too much time already dealing
with FreeBSD-phobes at work.  ("It's free - it can't possibly be:
secure/robust/useful/...")  Commercial users want to be reassured by
sales droids and glitzy packaging that something is basically O.K.
Of course, they are also suspicious of open-ended technology like
UNIX, that can perform more than a single, simple function.

Anything that can be done to keep novice sysadmins from hurting
themselves is worth looking at, just to keep the noise level down
about how dangerous U**X is.
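The check proposed in the quoted item 1 above (scan .profile, .bashrc and so
forth for "." in PATH), together with the point that putting "." last does not
make it safe, as an added example that is not part of the original message and
not FreeBSD's /etc/security script. It is a POSIX sh script; the function
names, the start-up file it writes as a sample, and the rule that an empty
PATH component (a leading or trailing ":" or "::") counts as "." are the
example's own assumptions. It flags "." wherever it appears, since a
misspelled command or one not in PATH (ping, in the message's example) falls
through to "." no matter where it sits.

```shell
#!/bin/sh
# Added example, not code from the original message or from FreeBSD's
# /etc/security: report shell start-up files that put the current
# directory in PATH, whether written as "." or as an empty component
# (a leading ":", a trailing ":", or "::" all mean "." to the shell).

_sq="'"
_dq='"'

# path_has_dot VALUE -> status 0 if VALUE searches "." anywhere, else 1.
path_has_dot() {
    _p="$1"
    # An unset or empty PATH makes the shell search only ".".
    if [ -z "$_p" ]; then return 0; fi
    # Empty components are an implicit ".".
    case "$_p" in
        :*|*:|*::*) return 0 ;;
    esac
    # Walk the colon-separated components; "." and "./..." are relative.
    _rest="$_p:"
    while [ -n "$_rest" ]; do
        _comp="${_rest%%:*}"
        _rest="${_rest#*:}"
        case "$_comp" in
            .|./*) return 0 ;;
        esac
    done
    return 1
}

# scan_file FILE -> prints "FILE:LINENO: line" for every PATH assignment
# whose value resolves ".", status 0 if any were found, 1 otherwise.
# Only sh-style "PATH=..." / "export PATH=..." is recognised; csh
# "setenv PATH ..." is not (a limitation of this example).
scan_file() {
    _file="$1"; _n=0; _hits=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _n=$((_n + 1))
        case "$_line" in
            PATH=*|*[[:space:]]PATH=*) ;;
            *) continue ;;
        esac
        _val="${_line#*PATH=}"
        _val="${_val#$_dq}"; _val="${_val#$_sq}"     # leading quote
        _val="${_val%%;*}"                           # "; export PATH"
        _val="${_val%%[[:space:]]*}"                 # trailing comment
        _val="${_val%$_dq}"; _val="${_val%$_sq}"     # trailing quote
        if path_has_dot "$_val"; then
            printf '%s:%s: %s\n' "$_file" "$_n" "$_line"
            _hits=$((_hits + 1))
        fi
    done < "$_file"
    [ "$_hits" -gt 0 ]
}

# write_sample_profile FILE -> writes a constructed sample .profile
# (made up for this example) so the script can be run offline.
write_sample_profile() {
    cat > "$1" <<'EOF'
# constructed sample .profile
PATH=/usr/bin:/bin:/usr/local/bin          # clean
PATH=$PATH:.; export PATH                  # "." last: still flagged
export PATH=".:$HOME/bin:$PATH"            # "." first
PATH="/usr/local/bin:$PATH:"               # trailing colon is an implicit "."
MANPATH=/usr/share/man:.                   # not PATH, ignored
PATH=$HOME/bin:$PATH                       # clean
EOF
}

# demo -> write the sample, scan it, clean up; status 0 if anything was flagged.
demo() {
    _tmp="${TMPDIR:-/tmp}/profile_scan_demo.$$"
    write_sample_profile "$_tmp"
    scan_file "$_tmp"
    _st=$?
    rm -f "$_tmp"
    return $_st
}
demo
```

To run it the way the quoted proposal intended, call scan_file on each
user's .profile, .bashrc and similar files (for example by looping over the
home directories in /etc/passwd) and mail only the flagged lines, which keeps
the output to a handful of lines rather than the log flood the reply objects
to.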
