On Mon, 7 Jan 2002, Pybus, David wrote: > Agreed, removing editors is a waste of time and just makes it > difficult to admin the system.
Indeed, the idea is to make it /impossible/ to admin the system. Any changes should be made on the "creator" system, and then a new floppy/CD are created. > For example given shell access, the command cat and > the re-direction operator '>' it is easy to edit a file. > 1) Open the hacked box in an xterm > 2) Enter 'cat target-file' $ cat: command not found > 6) Returning to the shell on the target machine enter > 'cat >target-file' $ cat: command not found Even if the cat command worked, the files are still chattr'd. > 7) Paste the edited version of the file into the xterm > 8) Exit cat with ^C er, ^D probably So, some of my overkill is worthwhile, since it provides defense in depth ... my hope is that at some point I'll have removed enough tools that it's practically and theoretically impossible to make changes to the running system. -jeff -- "Sex is a genetic disease. If your parents never had it, chances are you never will, either."
