Date: Tue, 1 Jun 1999 20:31:53 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: Andrew Kenneth Milton <akm@mail.theinternet.com.au> Cc: akm@mail.theinternet.com.au, matt@Mlink.NET, bc@thehub.com.au, cain@tasam.com, freebsd-security@FreeBSD.ORG Subject: Re: Shell Account system Message-ID: <199906020331.UAA86389@apollo.backplane.com> References: <199906020321.NAA22830@mail.theinternet.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
: :I'd agree that you don't want it suid root, I don't agree that you :don't want it suid some other non-privelged user. : :-- :Totally Holistic Enterprises Internet| P:+61 7 3870 0066 | Andrew If the admin is supposed to be able to do some operation on the server, such as restart it, then having a suid-(server-uid) program that does that *ONE* thing and making it group-executable to the set of admins allowed to do that *ONE* thing is not going to compromise security any more then giving the admin access to (server-uid) account. It is appropriate to be wary of suid programs, but not overly paranoid. -Matt Matthew Dillon <dillon@backplane.com> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906020331.UAA86389>