From owner-freebsd-security Thu Mar 28 20:40:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by hub.freebsd.org (Postfix) with ESMTP id 5F6E137B421 for ; Thu, 28 Mar 2002 20:40:54 -0800 (PST) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc53.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020329044054.OGUI2951.rwcrmhc53.attbi.com@blossom.cjclark.org>; Fri, 29 Mar 2002 04:40:54 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g2T4erj68836; Thu, 28 Mar 2002 20:40:53 -0800 (PST) (envelope-from cjc) Date: Thu, 28 Mar 2002 20:40:53 -0800 From: "Crist J. Clark" To: Garrett Wollman Cc: security@FreeBSD.ORG Subject: Re: make world and setuid bits Message-ID: <20020328204053.O97841@blossom.cjclark.org> References: <20020328121850.D97841@blossom.cjclark.org> <20020328161518.R5333-100000@walter> <20020328174304.L97841@blossom.cjclark.org> <200203290255.g2T2tqi09556@khavrinen.lcs.mit.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200203290255.g2T2tqi09556@khavrinen.lcs.mit.edu>; from wollman@lcs.mit.edu on Thu, Mar 28, 2002 at 09:55:52PM -0500 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Mar 28, 2002 at 09:55:52PM -0500, Garrett Wollman wrote: > < said: > > > Some sites may use this policy, but I would never like it. It requires > > direct logins as root. > > It may make some sense in limited circumstances. For example, my > Kerberos KDC has only one interactive user (root), does not support > network login (duh!), and is locked in a box in one of my machine > rooms. *Any* escalation of privilege on that machine represents a > serious security problem. Again, personally, if more than one user has access to the machine, I prefer to have people individual accounts and su(1) to root for the sake of an audit trail (Obviously, people who have root and physical access can almost certinly tamper with the logs, but it is still useful). YMMV. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message