Yes, it is getting quite silly. By the way my root password is "root". Part of my point was indeed that no system is secure. My main point however was simply that one shouldn't advise (or imply) that a given practice is secure (and we agree that nothing is) without disclosing the primary vulnerabilities. In this particular instance, the claim was that "the password field in an NIS lookup will be garbled if the user isn't root" and I simply pointed out that this was crap. I speculated that ident was being used and I was wrong about that, it relies on it being "a privileged port". Fine, that doesn't invalidate my original point.
Miquel van Smoorenburg wrote: > In article <[EMAIL PROTECTED]>, > Jens B. Jorgensen <[EMAIL PROTECTED]> wrote: > >Oh, pardon me. That really is safe then. NOT! If I can plug into your > >ethernet, I can > >have your NIS maps. > > This is getting silly. Even if you install $100,000 worth of crypto > devices I can still come in, hold a gun to your head and get a root > prompt. So no system is secure. Why not mail me your root password > right away. -- Jens B. Jorgensen [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
