Comment 112 for bug 13795

In , Bill Allombert (allomber) wrote : Re: Bug#299007: base-files: Insecure PATH

On Thu, Mar 31, 2005 at 06:16:46AM +1000, <email address hidden> wrote:
> Group staff is an anachronism: its ownership of /home is "wrong". Its use
> and usefulness should be reviewed.

An anachronism ? What paradigm shift made it "wrong" ?

> Group staff is said to be useful "for helpdesk types or junior sysadmins",
> without warnings that it is in fact root-equivalent.

Who said that ?

sg staff -c "make install"
and
su root -c "make install"

are very different security-wise. For one thing, the first will fail if we
mistakenly try to install in /usr instead of /usr/local.

> Use of root-equivalent users and groups may enlarge the attack surface.

There are a lot of them, though.

> If commonly used software allows breaching some security features, then
> the features need to be changed.

No security-conscious person uses NFS in a security-sensitive context
anyway.

Cheers,
--
Bill. <email address hidden>

Imagine a large red swirl here.
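
Added example, not part of the original message or of base-files: a POSIX shell check for the question this thread argues over, namely which directories on a given PATH can be written by a group (such as staff on /usr/local) or by everyone. The function name audit_path and its output format are assumptions made for this illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING
# Prints one line per PATH entry that someone other than its owner controls:
#   relative - <entry>          entry is empty or not absolute
#   world-writable <group> <dir>
#   group-writable <group> <dir>
# The body runs in a subshell "( ... )" so the IFS and globbing changes
# do not leak into the caller.
audit_path() (
    IFS=:
    set -f                      # do not glob-expand PATH entries
    for dir in $1; do
        case $dir in
            /*) ;;
            *)  echo "relative - ${dir:-.}"; continue ;;
        esac
        [ -d "$dir" ] || continue
        # -L / -H: judge the target when the entry is a symlink (e.g. /bin).
        group=$(ls -ldL "$dir" | awk '{print $4}')
        if [ -n "$(find -H "$dir" -prune -perm -002 -print)" ]; then
            echo "world-writable $group $dir"
        elif [ -n "$(find -H "$dir" -prune -perm -020 -print)" ]; then
            echo "group-writable $group $dir"
        fi
    done
)

# Audit the PATH of the current shell.
audit_path "$PATH"
```

Run it from a root shell to audit the PATH that root actually gets; any group-writable line names a group whose members can place programs where that shell will look for them.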