Date: Mon, 10 Dec 2001 21:37:03 -0600 (CST)
From: Jon Mini <haikugeek@haikugeek.com>
To: Mike Barcroft <mike@freebsd.org>
Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
Message-ID: <Pine.LNX.4.33.0112102133480.9370-100000@westhost36.westhost.net>
In-Reply-To: <20011210221836.N1956@espresso.q9media.com>

On Mon, 10 Dec 2001, Mike Barcroft wrote:

> Mike Silbersack <silby@silby.com> writes:
> >
> > Hm, I wonder if write enabling should even be compiled into the loader by
> > default - I think you're correct in suspecting that changing /etc/passwd
> > will be the primary use of this feature. :|
>
> Why would someone use this feature to write to the password file, when
> they can just boot into single user mode and use their favourite
> editor?

The question that comes into my mind is this: Why would a process be able
to write to /boot/*, but not /etc/*? Is it often that they gain this type
of access? I'm not really sure any doors are being made any wider.

However, for the paranoid, I could easily add an option that would only
allow you to open files for writing that start with a certain path prefix
or match an access list or something similar.

-- 
Dizzy Cow (Jon Mini) dizzycow@haikugeek.com
... Desolation ... Despair ... Plastic Forks ...
~ ~ ~
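
The path-prefix restriction proposed in the message above, sketched as an added example (not code from the FreeBSD loader or from this thread). `normalize_path` and `write_allowed` are hypothetical names, the sample paths are constructed, and the check is purely lexical, so it assumes symlinks are not resolved underneath it.

```c
#include <stdio.h>
#include <string.h>
/* Lexical normalization: collapses "//" and ".", resolves ".."; -1 on error. */
static int normalize_path(const char *in, char *out, size_t outsz)
{
    size_t len = 0, n;
    if (in[0] != '/' || outsz < 2)
        return -1;                      /* relative paths are refused outright */
    while (*in != '\0') {
        in += strspn(in, "/");          /* skip one or more separators */
        n = strcspn(in, "/");           /* length of the next component */
        if (n == 2 && in[0] == '.' && in[1] == '.') {
            while (len > 0 && out[--len] != '/')
                ;                       /* ".." drops the last component */
        } else if (n > 0 && !(n == 1 && in[0] == '.')) {
            if (len + 1 + n >= outsz)
                return -1;
            out[len++] = '/';
            memcpy(out + len, in, n);
            len += n;
        }
        in += n;
    }
    if (len == 0) out[len++] = '/';
    out[len] = '\0';
    return 0;
}

/* Return 1 if path normalizes to prefix itself or to something beneath it.
 * prefix is assumed to be absolute, normalized, with no trailing slash. */
int write_allowed(const char *path, const char *prefix)
{
    char norm[256];
    size_t plen = strlen(prefix);
    if (normalize_path(path, norm, sizeof(norm)) != 0)
        return 0;
    if (strncmp(norm, prefix, plen) != 0)
        return 0;
    /* the match must end on a component boundary: "/boot" is not "/bootleg" */
    return norm[plen] == '\0' || norm[plen] == '/';
}

int main(void)
{
    /* constructed sample paths, checked against a hypothetical "/boot" prefix */
    const char *t[] = { "/boot/loader.conf", "/boot/../etc/passwd", "/bootleg/x" };
    for (int i = 0; i < 3; i++)
        printf("%-22s %s\n", t[i], write_allowed(t[i], "/boot") ? "allow" : "deny");
    return 0;
}
```

A plain `strncmp` against the prefix would accept both `/boot/../etc/passwd` and `/bootleg/x`; normalizing first and requiring a component boundary closes both gaps.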