On Sat, Dec 06, 2003 at 02:53:58AM -0500, Todd Burroughs wrote: > If, by "messing up with them", you mean "turning off the suid bit", that > cannot decrease security. If they think otherwise, they do not know > what they talk about. Any program that is suid or sgid can either do > nothing for or decrease your security. I cannot think of any possible > way that keeping suid/sgid could increase your security. There are some > exceptions if you want to give people partial root access, like 'sudo'.
please explain how a user should be able to change his password without a setuid passwd. write access to /etc/spwd.db and pwd.db for everybody...? -- Henning Brauer, BS Web Services, http://bsws.de [EMAIL PROTECTED] - [EMAIL PROTECTED] Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
