World writable speakup files in Linux next
Frost
znvyyvfgf at gmail.com
Mon Dec 13 13:21:10 EST 2010
On Mon, Dec 13, 2010 at 04:41:57PM +0100, Samuel Thibault wrote:
> No, you can't, because the loggued-in person might be a
> virus/worm/attacker/whatever which compromised the user's account.
Then your security was breached already, and has nothing to do
with speakup. Personally, I think it's far worse for security to let a
user have access to any and every mail client on the system, in case
they use it to spam the entire planet with it, and those are left wide
open on purpose. <shrugs> You don't see me clamping down restrictions on
those, just because someone *might* abuse them and lose me my internet
connection.
If it's a virus, then it's not SpeakUP's problem, but mine for
not following proper prophylactic procedures. If it's a user on the
system goofing off, first they get warned, then they lose their
accounts. Again, it's not SpeakUP's fault. Having access to SpeakUP
from any console under any account *is* my problem, and I don't want to
go thru 20 different steps, just to kick up the volume a notch on my own
friggin keyboard. I certainly don't want to have to go through 20
different steps every time I need to su to someone else to check if
something is working properly for them. Secure SpeakUP on your own,
create your own distro, and release that if you want. Stay out of my
computer.
Michael
More information about the Speakup
mailing list