Gene Heskett wrote:
On Sunday 26 March 2006 02:16, Matthew R. Dempsky wrote:
On Sun, Mar 26, 2006 at 12:46:14AM -0500, Gene Heskett wrote:
Giving everybody access to ifconfig and its ilk sure sounds like a
big security hole to me.
That's ridiculous. If adding ifconfig to your users' PATH is a
security concern, your system is already at risk.
But what happens in a corporate setting with more than 1 subnet, one
having a good firewall that only lets in filtered email, and one thats
relatively wide open, and both thru the same switch? I don't think
you'd want a savvy user switching the machine from one subnet to the
other and allowing in a boatload of viri or porn. The viri is a huge
PITA to clean up, the porn OTOH, is a huge legal liability in many
locales.
$ /sbin/ifconfig eth0 172.17.205.79
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied
That's what happens.
IMO ifconfig is a system function, and the normal user has no need for
access to it, none, nada, zip. As the admin, the admin should be
responsible for that, with those configs locked down for normal users.
It both displays and sets information. I see no need to conceal the
information it displays.
Heck, I'm using two subnets here at home with only 3 machines, just for
that exact reason, seperation of responsibilities. Call me paranoid,
but I intend to keep it that way.
Try actually changing a setting while not having root privilege.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
