Date: Thu, 28 Mar 2002 20:40:53 -0800 From: "Crist J. Clark" <cjc@FreeBSD.ORG> To: Garrett Wollman <wollman@lcs.mit.edu> Cc: security@FreeBSD.ORG Subject: Re: make world and setuid bits Message-ID: <20020328204053.O97841@blossom.cjclark.org> In-Reply-To: <200203290255.g2T2tqi09556@khavrinen.lcs.mit.edu>; from wollman@lcs.mit.edu on Thu, Mar 28, 2002 at 09:55:52PM -0500 References: <20020328121850.D97841@blossom.cjclark.org> <20020328161518.R5333-100000@walter> <20020328174304.L97841@blossom.cjclark.org> <200203290255.g2T2tqi09556@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Mar 28, 2002 at 09:55:52PM -0500, Garrett Wollman wrote:
> <<On Thu, 28 Mar 2002 17:43:04 -0800, "Crist J. Clark" <cjc@FreeBSD.ORG> said:
>
> > Some sites may use this policy, but I would never like it. It requires
> > direct logins as root.
>
> It may make some sense in limited circumstances. For example, my
> Kerberos KDC has only one interactive user (root), does not support
> network login (duh!), and is locked in a box in one of my machine
> rooms. *Any* escalation of privilege on that machine represents a
> serious security problem.
Again, personally, if more than one user has access to the machine, I
prefer to have people individual accounts and su(1) to root for the
sake of an audit trail (Obviously, people who have root and physical
access can almost certinly tamper with the logs, but it is still
useful). YMMV.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020328204053.O97841>