cjchumbley at hotmail.com
Tue Feb 17 22:02:47 PST 2004
I don't disagree but I keep running into this over and over...
----- Original Message -----
From: ken_i_m at elegantinnovations.net
To: Hardened LFS Development List (hlfs-dev at linuxfromscratch.org)
Sent: Wednesday, February 18, 2004 12:57 AM
Subject: Re: Login functionality
On Wed, Feb 18, 2004 at 12:44:17AM -0500, Christopher Chumbley (cjchumbley at hotmail.com) wrote:
> I agree that with a malicious admin all bets are off. On the other
> hand, I have seen too many stupid and/or lazy admins and the ability to
> search through a log file for "admin/Godd" or to look for any other login
> failures and see the username/password pairs really just isn't an
> acceptable security risk. IMHO of course...
[wrapping added :-( ]
A non-admin user being able to read logs is a misconfiguration. This is
sysadmin 101 basic stuff. If you have an admin this stupid/lazy you got
a lot more serious problems than users exploiting logs.
I think, therefore, ken_i_m
Chief Gadgeteer, Elegant Innovations
Founder, Bozeman Linux Users Group