Login functionality

Christopher Chumbley cjchumbley at hotmail.com
Tue Feb 17 22:02:47 PST 2004


I don't disagree but I keep running in this over and over...
CJ

  ----- Original Message ----- 
  From: ken_i_m at elegantinnovations.net<mailto:ken_i_m at elegantinnovations.net> 
  To: Hardened LFS Development List<mailto:hlfs-dev at linuxfromscratch.org> 
  Sent: Wednesday, February 18, 2004 12:57 AM
  Subject: Re: Login functionality


  On Wed, Feb 18, 2004 at 12:44:17AM -0500, Christopher Chumbley (cjchumbley at hotmail.com<mailto:cjchumbley at hotmail.com>) wrote:
  > I agree that with a malicious admin all bets are are off.  On the other 
  > hand, I have seen too many stupid and/or lazy admins and the ablility to 
  > search through a log file for "admin/Godd" or to look for any other login 
  > failures and see the username/password pairs really just isn't an 
  > acceptable security risk. IMHO of course...
  [wrapping added :-( ]

  A non-admin user being able to read logs is a misconfiguration.  This is 
  sysadmin 101 basic stuff.  If you have an admin this stupid/lazy you got 
  alot more serious problems then users exploiting logs.
  -- 
  I think, therefore, ken_i_m
  Chief Gadgeteer, Elegant Innovations
  Founder, Bozeman Linux Users Group
  (406) 581-0495
  -- 
  http://linuxfromscratch.org/mailman/listinfo/hlfs-dev<http://linuxfromscratch.org/mailman/listinfo/hlfs-dev>
  FAQ: http://www.linuxfromscratch.org/faq/<http://www.linuxfromscratch.org/faq/>
  Unsubscribe: See the above information page
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20040218/408dfa84/attachment.html>


More information about the hlfs-dev mailing list