> -----Original Message----- > From: John Powell [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, October 10, 2001 12:34 PM > Subject: Re: [e-smith-devinfo] root / shell access
> Probably (make that definitely) a better approach is leave > the config alone, The stated approach does not modify the config in any non-standard way. It simply sets a property that was removed from the web manager. From a system integrity perspective, nothing untoward is done. > telnet in as admin and "su -" to root. Have you ever telneted into the server as admin? You get the admin console, not the command line. It would be pretty tough to su to anything from there. > The best approach, of course, is to use SSH, not telnet. Reminds me of the old "GOTO is evil" argument. Pretty tough to program most popular processors without GOTO -- usually referred to as a JUMP in most assembly mnemonics :-) The GOTO in and of itself is not bad -- it is the misuse of GOTO, which is an easy thing to do, that is bad. Similarly, not all telnet access is bad. Prone to be bad, yes, but inherently and inescapably bad, no. > Neither of those involve major compromises to security or any > change to the config. Except that one won't work, and the other has issues of its own. Not the least of which is that most SSH clients are pretty lame when compared to their more mature telnet cousins. Machines don't think, people do. It should be the option and responsibility of the local admin to determine if the security risks of telnet -- or any other arguably risky service or protocol or practice -- are worth the rewards. IMHO Scott -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
