Date: Wed, 8 Apr 1998 22:26:12 +1000 From: Sue Blake <sue@welearn.com.au> To: Mark Ovens <marko@uk.radan.com> Cc: "Michael P. Sale" <mike@merchantsnet.com>, freebsd-newbies@FreeBSD.ORG, dmlb@ragnet.demon.co.uk Subject: Re: mtools use Message-ID: <19980408222612.43377@welearn.com.au> In-Reply-To: <352B6955.DD52844F@uk.radan.com>; from Mark Ovens on Wed, Apr 08, 1998 at 01:11:01PM %2B0100 References: <01bd6296$aece1600$5006bccc@708644668> <352B28B2.5BDE9363@uk.radan.com> <19980408194800.21697@welearn.com.au> <352B6955.DD52844F@uk.radan.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 08, 1998 at 01:11:01PM +0100, Mark Ovens wrote: > Sue Blake wrote: > > > > On Wed, Apr 08, 1998 at 08:35:14AM +0100, Mark Ovens wrote: > > > > > Note! This will not work if you have a password set for root (which > > > would probably be the case in a commercial environment, but not > > > necessarily on a home machine). > > > > That sounds extremely dangerous to me. > > One day someone you've told might convince you how dangerous it is. > > Meanwhile I hope it doesn't become fashionable among those who are not as > > well able to appreciate the consequences of having no root password. > > > > Yes, you are quite correct, we (I) shouldn't be encouraging people, > especially new users, to run without a root password. It's just 8 years > of working on Unix systems many of which do not have a root password has > got me into bad habits, together with never having trashed a system > because of it (putting that in writing will probably guarantee I'll do > an 'rm -rf /*' as root in the next couple of days ;-) ) has made me > complacent. In my feeble experience, every time something looks like a great idea that'll make life easier it's a security risk or worse. I tend to play it all very boring these days, just to be sure. There's lots of people out there who could do a lot worse with my system than I do, if I gave them half a chance to try. On the Internet the world sits at your keyboard. > I see someone else has posted a message suggesting making mount_msdos a > setuid file which will allow non-root users to run it. Whilst this is > still a bit risky it is much better than not having a root password and > is an acceptable compromise for mounting floppies. Just don't get > carried away and make all executable files setuid. > > I consider my wrists well & truly slapped :-( :-) No slap intended, I just panicked. -- Regards, -*Sue*- find / -name "*.conf" |more To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-newbies" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980408222612.43377>