Bruce Dubbs wrote:
That sounds like a pretty big security hole!
No bigger hole than how ALFS currently works. It just runs whatever profile you send. You can "rm -r /" and nothing stops that from happening.
This method of the client sending a finished script ready for execution doesn't have to be a security hole. A client authenticates with the server. If you are trusted, you can make the server do whatever you want it to. If you mess up, well it's no different than you typing "rm -r /" by accident as root. Either way you have to be careful what you are doing.
-- Gerard Beekmans /* If Linux doesn't have the solution, you have the wrong problem */ -- http://linuxfromscratch.org/mailman/listinfo/alfs-discuss FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
