* Re: revising the su decision]
@ 2002-07-13 7:29 Tom
0 siblings, 0 replies; only message in thread
From: Tom @ 2002-07-13 7:29 UTC (permalink / raw)
To: selinux
On Sat, Jul 13, 2002 at 06:04:56AM +0200, Russell Coker wrote:
> > c) give your remote/install user write priviledges for /var/install
>
> If someone can write to /var/install in that case, then why not just allow
> them to login directly with full admin privs?
>
> Writing a RPM or DEB package to take over or destroy a system is easy
> enough...
the point is that if you want to, you can do sanity checks before
installing the packages.
automated remote software updates are always essentially equal to
putting the root password into /etc/motd - but if the priviledged part
runs on the local machine, you at least do have a chance.
--
http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2002-07-13 7:34 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-07-13 7:29 revising the su decision] Tom
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.