On Dec 5, 2007, at 9:57 AM, Martin Marcher wrote:
> But since *nix has a history of being secure because a user/process
> can't by default destroy any data besides the data one/it owns. Why
> not take that one further and require explicit permission to even run
> a program that can potentially destroy data?
> * Why not take that one further and require explicit permission to run
> _any_ program?
> Revoking "others" access by default does just that. I think my point
> wasn't clear.
I suppose because if you remove permissions on anything that can
potentially destroy data, you quickly end up with a system that isn't
usable. If you're getting paranoid enough to restrict wget and tar,
you'd be better served by not letting the user have access to a shell
at all. I mean, you can still clobber a file you have write
permission to by doing "echo 'Whatever' >file". In most shells this
requires no execute permissions on anything, since 'echo' is a built-in
command.
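As an added illustration of that last point (example code, not part of the thread), the script below gives a child shell an empty PATH so that no external program at all can be executed, then clobbers a writable file with a plain redirection anyway. It assumes only that /bin/sh exists and that mktemp is available.

```shell
#!/bin/sh
# Added example: revoking execute permission on every external program does
# not protect a file the user can write to. Redirection and 'echo' are handled
# by the shell itself, so no executable needs to be found or run.

# Exit 0 if 'echo' is a built-in of /bin/sh even when nothing is on PATH.
echo_is_builtin() {
    PATH='' /bin/sh -c 'type echo' 2>/dev/null | grep -q builtin
}

# Create a file with data in it, then overwrite it from a shell that can
# find no external commands. Prints the file's final contents.
demo_clobber() {
    work=$(mktemp -d) || return 1
    printf 'important data\n' > "$work/data.txt"

    # Empty PATH: cat, tar, wget, rm ... are all unreachable. The redirection
    # truncates data.txt before 'echo' even produces its output.
    PATH='' /bin/sh -c 'echo "Whatever" > "$1"' sh "$work/data.txt"

    # For comparison, an external command in the same environment fails.
    if PATH='' /bin/sh -c 'cat "$1"' sh "$work/data.txt" 2>/dev/null; then
        echo "unexpected: an external command ran" >&2
    fi

    result=$(cat "$work/data.txt")
    rm -rf "$work"
    printf '%s\n' "$result"
}
```

The only control that actually protects the file here is its write permission bit (or not giving the user a shell), not the execute bits on binaries.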