Date: Tue, 25 Jun 1996 14:44:06 -0400 (EDT) From: Jeff Aitken <jaitken@cslab.vt.edu> To: softweyr@xmission.com (Barnacle Wes) Cc: security@freebsd.org Subject: Re: The Vinnie Loophole Message-ID: <199606251844.OAA06978@husky.cslab.vt.edu> In-Reply-To: <199606251748.LAA25282@xmission.xmission.com> from "Barnacle Wes" at Jun 25, 96 11:48:52 am
next in thread | previous in thread | raw e-mail | index | archive | help
> You obviously aren't very concerned about security. Not true at all. Perhaps I should clarify my objection: I'm aware of the potential security risk associated with having "." in root's path. If you want to make that impossible, so be it. I don't have it in root's path on machines I administer in any case. What I specifically did *not* want to see were what I consider "useless" messages filling up the system logs. Log digestion is difficult enough as it is, as I'm sure you (or any other good admin) are already aware. AFAIK, FreeBSD doesn't come standard with "." in root's path. So the only people who would suffer from this (potential) vulnerability are the ones who *deliberately* put "." in the path! I suppose that, by the same argument, I shouldn't care about it, since I won't ever see the message. :-) What I really wanted to point out is that filling up system logs with lots of (potentially) useless information is not a good idea (IMHO). I suppose we'll just have to agree to disagree on this point. -- Jeff Aitken jaitken@cs.vt.edu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606251844.OAA06978>