Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 25 Jun 1996 14:44:06 -0400 (EDT)
From:      Jeff Aitken <jaitken@cslab.vt.edu>
To:        softweyr@xmission.com (Barnacle Wes)
Cc:        security@freebsd.org
Subject:   Re: The Vinnie Loophole
Message-ID:  <199606251844.OAA06978@husky.cslab.vt.edu>
In-Reply-To: <199606251748.LAA25282@xmission.xmission.com> from "Barnacle Wes" at Jun 25, 96 11:48:52 am

next in thread | previous in thread | raw e-mail | index | archive | help
> You obviously aren't very concerned about security.  

Not true at all.  Perhaps I should clarify my objection:

I'm aware of the potential security risk associated with having "." in
root's path.  If you want to make that impossible, so be it.  I don't
have it in root's path on machines I administer in any case.  

What I specifically did *not* want to see were what I consider "useless"
messages filling up the system logs.  Log digestion is difficult enough
as it is, as I'm sure you (or any other good admin) are already aware.

AFAIK, FreeBSD doesn't come standard with "." in root's path.  So the
only people who would suffer from this (potential) vulnerability are the
ones who *deliberately* put "." in the path!

I suppose that, by the same argument, I shouldn't care about it, since I
won't ever see the message. :-)  What I really wanted to point out is
that filling up system logs with lots of (potentially) useless
information is not a good idea (IMHO).  I suppose we'll just have to
agree to disagree on this point.

-- 
Jeff Aitken
jaitken@cs.vt.edu




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606251844.OAA06978>