root on ports

Fabio Fracassi f.fracassi at gmx.net
Thu Feb 15 07:02:39 PST 2001


On Wednesday 14 February 2001 18:53, you wrote:
> > and if alfs ran as say user nobody then how
> > would elements like <make_install> work?
>
> *flake tosses two cents in the bucket*
>
> A quick kludge could be an <!ENTITY su "passwd">  there's got to be a more
> secure way tho.  When there's a front end I think it would be good to
> prompt for things like that right at the beginning.  Indeed, along the
> lines of "forking building all over the network" you could (should) end up
> with different su passwd's for each different machine, so it would need a
> list of the different ones mapped to the respective IP or hostname or
> whatever.
>

if we work with ssh we could do without asking the user for passwords,
we could leave this hazadrous work to ssh (particular ssh-agent ) and
wont "get our hands dirty", since storing passwords is always a thing where 
much caution is needed, and we wouldn't want to risk security holes and/or 
root exploits, would we?

IMHO we should reduce password handeling (and especially storing) to an 
absolute minimum.

just my $0.02

Fabio





More information about the alfs-discuss mailing list