Date: Tue, 1 Jun 1999 20:31:53 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: Andrew Kenneth Milton <akm@mail.theinternet.com.au> Cc: akm@mail.theinternet.com.au, matt@Mlink.NET, bc@thehub.com.au, cain@tasam.com, freebsd-security@FreeBSD.ORG Subject: Re: Shell Account system Message-ID: <199906020331.UAA86389@apollo.backplane.com> References: <199906020321.NAA22830@mail.theinternet.com.au>
index | next in thread | previous in thread | raw e-mail
:
:I'd agree that you don't want it suid root, I don't agree that you
:don't want it suid some other non-privelged user.
:
:--
:Totally Holistic Enterprises Internet| P:+61 7 3870 0066 | Andrew
If the admin is supposed to be able to do some operation on the
server, such as restart it, then having a suid-(server-uid) program
that does that *ONE* thing and making it group-executable to the set
of admins allowed to do that *ONE* thing is not going to compromise
security any more then giving the admin access to (server-uid) account.
It is appropriate to be wary of suid programs, but not overly paranoid.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906020331.UAA86389>