Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 28 Mar 2002 20:40:53 -0800
From:      "Crist J. Clark" <cjc@FreeBSD.ORG>
To:        Garrett Wollman <wollman@lcs.mit.edu>
Cc:        security@FreeBSD.ORG
Subject:   Re: make world and setuid bits
Message-ID:  <20020328204053.O97841@blossom.cjclark.org>
In-Reply-To: <200203290255.g2T2tqi09556@khavrinen.lcs.mit.edu>; from wollman@lcs.mit.edu on Thu, Mar 28, 2002 at 09:55:52PM -0500
References:  <20020328121850.D97841@blossom.cjclark.org> <20020328161518.R5333-100000@walter> <20020328174304.L97841@blossom.cjclark.org> <200203290255.g2T2tqi09556@khavrinen.lcs.mit.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Mar 28, 2002 at 09:55:52PM -0500, Garrett Wollman wrote:
> <<On Thu, 28 Mar 2002 17:43:04 -0800, "Crist J. Clark" <cjc@FreeBSD.ORG> said:
> 
> > Some sites may use this policy, but I would never like it. It requires
> > direct logins as root.
> 
> It may make some sense in limited circumstances.  For example, my
> Kerberos KDC has only one interactive user (root), does not support
> network login (duh!), and is locked in a box in one of my machine
> rooms.  *Any* escalation of privilege on that machine represents a
> serious security problem.

Again, personally, if more than one user has access to the machine, I
prefer to have people individual accounts and su(1) to root for the
sake of an audit trail (Obviously, people who have root and physical
access can almost certinly tamper with the logs, but it is still
useful). YMMV.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020328204053.O97841>