help-hurd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNU login shell


From: Niels Möller
Subject: Re: GNU login shell
Date: 18 Mar 2002 09:26:32 +0100
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1

Moritz Schulte <moritz@duesseldorf.ccc.de> writes:

> Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de> writes:
> 
> > We should probably make this the default for remote connections.
> 
> Why only for remote connections?  I don't see why local users should
> be able to spy out system information just because we open the door
> for them.

Well, because it's a friendly thing to do? (When I open my door for a
visitor, I don't usually lock the doors to rooms that the visitor
isn't supposed to see, and sometimes I even encourage them to look
around).

And because the typical local user nowadays has physical access to the
machine, so it's usually futile to stop attacks from evil local users.
If you have a system where you really try to protect the system from
attacks by people with physical access (like, encrypted harddrives,
disabled floppy boot, BIOS passwords, and decent padlock on the box
itself), or if a "local user" means anyone calling your serial modem,
you should perhaps disable the login shell, but that's not a typical
system.

If you're saying that this should be easy to configure based on local
policy, I'm all for it.

/Niels



reply via email to

[Prev in Thread] Current Thread [Next in Thread]