* Hiten Pandya ([EMAIL PROTECTED]) wrote:

[disallowing a su'ed root to shutdown the machine proposition snipped]

> this would be very good, I think if someone broke into
> a normal user and was able to gain access into root
> using su... (without a password..)

I fail to see anything 'good' in that... And there is a flaw in your reasoning. It really does not add any security. There are lots of other ways to shut down a computer without using 'shutdown'. Heck, if one had access to a compiler while being root there are a myriad more.

Limiting the shut-down functions is a bad idea however you turn it. Usually, if you detect a break-in/intrusion, a shutdown can be the only way to save your data for post-mortem analysis.

People who restrict direct root logins are not far and between. It would be a real pain in the back end if one cannot shut down a box if something awry or heinous is happening, to prevent further damage.

Of course if people really want it, there's always your patch they can download and install :-) (don't you love free software for that?)

I also wonder why an attacker would want to shut down a box. The average script kid would want the box to be up and running, for whatever purpose, and for bragging rights of course. The only reason I see is denial of service.

Meddling with the shutdown mechanisms is only cutting yourself in your fingers, as an administrator. My guess is using some sense and sensibility is the best tool one could use to thwart attackers.

Have you read "Practical UNIX and Internet Security", written by Simson Garfinkel and Gene Spafford? (ISBN 1-56592-148-8) I suggest you do. It will enlighten you where some real problems are.

Cheers,

Emiel
--
There's only one way to have a happy marriage and as soon as I learn what it is I'll get married again.
    -- Clint Eastwood