Re: A few thoughts..

• Previous message: Ivan Voras: "MAC (was: A few thoughts...)"
• In reply to: H. S.: "A few thoughts.."
• Next in thread: H. S.: "Re: A few thoughts.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 29 Mar 2005 21:57:31 -0600
To: "H. S." <security@revolutionsp.com>

In <61910.81.84.174.37.1112123946.squirrel@mail.revolutionsp.com>, H. S. <security@revolutionsp.com> typed:
> My "USERNAME" account doesn't have access to /sbin/dmesg, but I uploaded a
> /sbin/dmesg from a 5.2.1-RELEASE to a 5.3-STABLE box, and then I could
> have access to this system information. The same goes for systat , vmstat,
> and all these commands that (most people think) shouldn't be available for
> regular users.

I wouldn't say "most people think" those things shouldn't be available
for regular users, because that's the first time in 25 years of
managing Unix systems that I've run into that sentiment.

What I'm really curious about is what makes you think FreeBSD itself
tries to enforce your opinion. I'm running 5.3-STABLE built from fresh
install of 5.3-RELEASE, haven't done anything to any of those
binaries, and they are all world/group executable on my system. That
means that there's no way to prevent any user from running them. dmesg
isn't in the normal $PATH, but that's not an indication that users
shouldn't be able to run it, merely that they aren't expected to need
it.

        <mike

-- 
Mike Meyer <mwm@mired.org>		http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"

• Previous message: Ivan Voras: "MAC (was: A few thoughts...)"
• In reply to: H. S.: "A few thoughts.."
• Next in thread: H. S.: "Re: A few thoughts.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: w ( /usr/bin/w ) -- Maybe an FAQ? ... running mysql and web on the same box. ... I know that most commands that allow the user to ... > and they might naively type in passwords as part of the command, ... or at least restrict its behaviour such that regular users *NEVER* ... (comp.os.linux.security) Re: [opensuse] SuSefirewall - protect sshd ... course effectively denial-of-service'd by your own firewall as none ... of your regular users will be able to catch a slot. ... The comment says "Allow max three ssh connects per minute from the ... For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx ... (SuSE)