World writable speakup files in Linux next
Samuel Thibault
samuel.thibault at ens-lyon.org
Mon Dec 13 08:43:19 EST 2010
Kirk Reiser, le Mon 13 Dec 2010 08:36:58 -0500, a écrit :
> I have never seen anything even
> close to the type of condition we are hypothetically discussing.
You mean, somebody with bad enough intentions?
> I work for a very large university. My question of curiosity is
> simply to determine why this is a possible concern in a very unlikely
> event.
Security is about unlikely events.
> If something is a security risk then we need to determine what it is
> and how to fix the problem rather than having security through
> obscurity.
We're not talking about obscurity, we're talking about restricting which
users are able to write to these files.
> BTW, I aggree with Chris that the best solution from my
> perspective is to set-up a speakup group and use group writable bits.
Sure.
> I really don't think that is any less of a security risk however.
Anything that can let a user change root's view of what is happening on
a system can really be frowned upon.
Samuel
More information about the Speakup
mailing list