Comment 114 for bug 13795

Debian Bug Importer (debzilla) wrote :

Message-ID: <20050330232605.GV30645@seventeen>
Date: Thu, 31 Mar 2005 01:26:05 +0200
From: Bill Allombert <email address hidden>
To: <email address hidden>, <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#299007: base-files: Insecure PATH

On Thu, Mar 31, 2005 at 06:16:46AM +1000, <email address hidden> wrote:
> Group staff is an anachronism: its ownership of /home is "wrong". Its use
> and usefulness should be reviewed.

An anachronism? What paradigm shift made it "wrong"?

> Group staff is said to be useful "for helpdesk types or junior sysadmins",
> without warnings that it is in fact root-equivalent.

Who said that?

sg staff -c "make install"
and
su root -c "make install"

are very different security-wise. For one thing, the first will fail if we
mistakenly try to install in /usr instead of /usr/local.

> Use of root-equivalent users and groups may enlarge the attack surface.

There are a lot of them, though.

> If commonly used software allows breaching some security features, then
> the features need to be changed.

No security-conscious person uses NFS in a security-sensitive context
anyway.

Cheers,
--
Bill. <email address hidden>

Imagine a large red swirl here.