Reco wrote:
> And what about the end result ('user will get root privs')?They are different users. A remote user could be anyone. A local user is someone who is already known and has an account on the system and who has an established relationship and trust. Case 1: I find that someone in my family who lives in my house has rumaged through my underwear drawer. A violation of trust has occurred. I am unhappy and will talk with them and give them a harsh lecture. This is not appropriate behavior. Case 2: I find someone who is not a member of my family and who does not live in my house and who I don't know has rummaged through my underwear drawer. A very serious crime has been committed. I live in a state where I am fully legally protected if I shoot them dead. The crime is the same in both cases. The only difference is who has done it. Your argument is that they are the same. My argument is that they are different. This discussion has become circular. We are at irreconcilable differences. Therefore I will close my part of it with this thought: Security is the one part of the system that by design makes the system harder to use. Hopefully infinitely hard to the bad guys. Hopefully less so for the good guys. But of course no system is perfect and the only 100% safe system is one that is off. Anything else is a compromise. Bob
signature.asc
Description: Digital signature
