Date: Wed, 8 Apr 1998 22:26:12 +1000 From: Sue Blake <sue@welearn.com.au> To: Mark Ovens <marko@uk.radan.com> Cc: "Michael P. Sale" <mike@merchantsnet.com>, freebsd-newbies@FreeBSD.ORG, dmlb@ragnet.demon.co.uk Subject: Re: mtools use Message-ID: <19980408222612.43377@welearn.com.au> In-Reply-To: <352B6955.DD52844F@uk.radan.com>; from Mark Ovens on Wed, Apr 08, 1998 at 01:11:01PM %2B0100 References: <01bd6296$aece1600$5006bccc@708644668> <352B28B2.5BDE9363@uk.radan.com> <19980408194800.21697@welearn.com.au> <352B6955.DD52844F@uk.radan.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 08, 1998 at 01:11:01PM +0100, Mark Ovens wrote:
> Sue Blake wrote:
> >
> > On Wed, Apr 08, 1998 at 08:35:14AM +0100, Mark Ovens wrote:
> >
> > > Note! This will not work if you have a password set for root (which
> > > would probably be the case in a commercial environment, but not
> > > necessarily on a home machine).
> >
> > That sounds extremely dangerous to me.
> > One day someone you've told might convince you how dangerous it is.
> > Meanwhile I hope it doesn't become fashionable among those who are not as
> > well able to appreciate the consequences of having no root password.
> >
>
> Yes, you are quite correct, we (I) shouldn't be encouraging people,
> especially new users, to run without a root password. It's just 8 years
> of working on Unix systems many of which do not have a root password has
> got me into bad habits, together with never having trashed a system
> because of it (putting that in writing will probably guarantee I'll do
> an 'rm -rf /*' as root in the next couple of days ;-) ) has made me
> complacent.
In my feeble experience, every time something looks like a great idea
that'll make life easier it's a security risk or worse. I tend to play it
all very boring these days, just to be sure. There's lots of people out
there who could do a lot worse with my system than I do, if I gave them
half a chance to try. On the Internet the world sits at your keyboard.
> I see someone else has posted a message suggesting making mount_msdos a
> setuid file which will allow non-root users to run it. Whilst this is
> still a bit risky it is much better than not having a root password and
> is an acceptable compromise for mounting floppies. Just don't get
> carried away and make all executable files setuid.
>
> I consider my wrists well & truly slapped :-(
:-) No slap intended, I just panicked.
--
Regards,
-*Sue*-
find / -name "*.conf" |more
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980408222612.43377>