John H. Robinson, IV wrote:
Fix the problem, don't hide it by making users change their passwd.
or do you trust your users to not use the root exploit, just becoz ...
Do you follow BugTraq? VulnDev? Other security-focused mailing lists?
Local escalations are not exactly rare. And they happened to exist
_before_ they are discovered. Can you state that right now all of your
systems have *no* privilege escalation vectors? (Obviously, things like
su don't count as they are legitimate).
I'm not paid to, you are.
Don't pass the buck onto me by forcing me to change my passwd every 2
weeks, and not reuse any of the last 26 !
Are you saying that a cracker is sitting out there with my userid/passwd
waiting for a new vulnerability so they can get into my system, becoz
all their other attempts have been foiled ?
--
Michael O'Keefe | [EMAIL PROTECTED]
Live on and Ride an 06 BMW R12GS HP2 | [EMAIL PROTECTED] / |
I like less more or less less than |Work:+1 858 845 3514 / |
more. UNIX-live it,love it,fork() it |Fax :+1 858 845 2652 /_p_|
My views are MINE ALONE, blah, blah, |Home:+1 760 788 1296 \`O'|
blah, yackety yack - don't come back |Fax :+1 858 _/_\|_,
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
