On 2/6/08 2:47 AM, "Alan Altmark" <[EMAIL PROTECTED]> wrote:
> On Tuesday, 02/05/2008 at 02:19 EST, David Boyes <[EMAIL PROTECTED]> > wrote: > >> Commands exist and are shipped with the OS to examine the spool files >> for other users. > > There exists no command that an unprivileged user can use to examine > anothers' spool files. I don't recall ever claiming that unprivileged users *could*. Where'd you get that idea? Maybe that's the root of the disconnect here. > Using the spool to hold data is not a security risk. Assuming you trust your privileged users completely. More exposures are inside jobs than any risk of external exposure. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390