"Erika" writes:
>Thanks for the speeedy reply, michaelkjohnson, much appreciated - but this
>leaves me confused as to the option in linuxconf when creating a new user
>to allow them to run linuxconf !?
Yeah, I know it's confusing.
We didn't remove that option so that people who have a system that they
trust all the users on can make linuxconf setuid root and make use of that
facility. As long as you trust your users not to be trying to find a
security hole in linuxconf, you should be OK. If you are attached to
the internet, you may want to disable the linuxconf line in /etc/inetd.conf
before making linuxconf setuid root. There aren't known holes there, but
there have been in the past and linuxconf has not been audited for
security completely, although the LSAP did look it over and found a few
of the holes and the holes we know about are fixed.
So you can evaluate your level of risk and make your own choice.
Sorry this is so confusing, but we have to be paranoid about security
because people really are out to get us...
michaelkjohnson
"Magazines all too frequently lead to books and should be regarded by the
prudent as the heavy petting of literature." -- Fran Lebowitz
Linux Application Development http://www.redhat.com/~johnsonm/lad/
---
You are currently subscribed to linuxconf as: [[email protected]]
To unsubscribe, forward this message to [EMAIL PROTECTED]
