help-hurd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNU login shell


From: Jeroen Dekkers
Subject: Re: GNU login shell
Date: Mon, 18 Mar 2002 18:14:05 +0100
User-agent: Mutt/1.3.27i

On Mon, Mar 18, 2002 at 10:08:33AM +0100, Moritz Schulte wrote:
> nisse@lysator.liu.se (Niels M?ller) writes:
> 
> > Well, because it's a friendly thing to do?
> 
> Well, I don't think that is a good argument.  Then you could also ask
> why we care about (local) privacy at all.

Things you care about should have read permissions for others and the
users without UID.
 
> > (When I open my door for a visitor, I don't usually lock the doors
> > to rooms that the visitor isn't supposed to see, and sometimes I
> > even encourage them to look around).
> 
> Yes, true.  But the point is that you don't know wether it's a nice
> visitor or an intruder.  I also don't understand the purpose, because
> a user would surely login if he would have real work to do at the
> sytem.

The login shell is run without UIDs, it should give a security
problem. Some visitor without an account can use the system and do
real work.

> > And because the typical local user nowadays has physical access to
> > the machine, so it's usually futile to stop attacks from evil local
> > users.
> 
> True, if a user has physical access, he would be able to spy out data
> anyway.  But I think, we shouldn't have our door that open however.

You can see a lot of things easily with physical access which you
can't if you have no UIDs in the system.

Jeroen Dekkers
-- 
Jabber supporter - http://www.jabber.org Jabber ID: jdekkers@jabber.org
Debian GNU supporter - http://www.debian.org http://www.gnu.org
IRC: jeroen@openprojects

Attachment: pgpiT9NlF39fs.pgp
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]