On Tue, Mar 18, 2003 at 11:08:17AM -0500, Hall, Ken (IDS ECCS) wrote:
> If they were late additions, I might just have an old version of the
> package. SLES7 has some pretty old components.
>
> Additional security for something like this can never hurt.
Sure it can. The default is that device files are not group/world-writable.
Any admin that changes this has to know what he/she/it is doing. So
there is no security to gain. Yet another way for root to gain root.
Zero gain vs. a very small loss [*].
Why stop me from shooting at the fly that happens to sit on the nail
of my toe? I'm a sharpshooter, and this is my foot.
[*] Possible workarounds: sudo and friends. But they still have a small
extra setup cost.
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir/
