Moritz Schulte <[EMAIL PROTECTED]> writes: > Marcus Brinkmann <[EMAIL PROTECTED]> writes: > > > We should probably make this the default for remote connections. > > Why only for remote connections? I don't see why local users should > be able to spy out system information just because we open the door > for them.
Well, because it's a friendly thing to do? (When I open my door for a visitor, I don't usually lock the doors to rooms that the visitor isn't supposed to see, and sometimes I even encourage them to look around). And because the typical local user nowadays has physical access to the machine, so it's usually futile to stop attacks from evil local users. If you have a system where you really try to protect the system from attacks by people with physical access (like, encrypted harddrives, disabled floppy boot, BIOS passwords, and decent padlock on the box itself), or if a "local user" means anyone calling your serial modem, you should perhaps disable the login shell, but that's not a typical system. If you're saying that this should be easy to configure based on local policy, I'm all for it. /Niels _______________________________________________ Help-hurd mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/help-hurd
