On Sunday 26 March 2006 02:16, Matthew R. Dempsky wrote: >On Sun, Mar 26, 2006 at 12:46:14AM -0500, Gene Heskett wrote: >> Giving everybody access to ifconfig and its ilk sure sounds like a >> big security hole to me. > >That's ridiculous. If adding ifconfig to your users' PATH is a > security concern, your system is already at risk.
But what happens in a corporate setting with more than 1 subnet, one having a good firewall that only lets in filtered email, and one thats relatively wide open, and both thru the same switch? I don't think you'd want a savvy user switching the machine from one subnet to the other and allowing in a boatload of viri or porn. The viri is a huge PITA to clean up, the porn OTOH, is a huge legal liability in many locales. IMO ifconfig is a system function, and the normal user has no need for access to it, none, nada, zip. As the admin, the admin should be responsible for that, with those configs locked down for normal users. Heck, I'm using two subnets here at home with only 3 machines, just for that exact reason, seperation of responsibilities. Call me paranoid, but I intend to keep it that way. -- Cheers, Gene People having trouble with vz bouncing email to me should add the word 'online' between the 'verizon', and the dot which bypasses vz's stupid bounce rules. I do use spamassassin too. :-) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
