Re: Root is God? (was: Mutt & tmp files)

2001-11-23 Thread martin f krafft
* Mathias Gygax <[EMAIL PROTECTED]> [2001.11.18 17:59:29+0100]: > > thanks, you just made me laugh! > you set lamer detector to orange. alright, so my first step is to scale back and *not* flame. i am sorry for posting my sarcastic comment. i shall now try to sum up my points. we have been talkin

Re: Root is God? (was: Mutt & tmp files)

2001-11-23 Thread martin f krafft
* Mathias Gygax <[EMAIL PROTECTED]> [2001.11.18 17:58:46+0100]: > > excellent. you know what i did: i just remove the root:0:... line from > > /etc/passwd and /etc/shadow. now i can't be root. that must be perfect > > security. yeah! > > before you shout, think twice. this is READ-only on my syste

Re: Root is God? (was: Mutt & tmp files)

2001-11-23 Thread martin f krafft
* Mathias Gygax <[EMAIL PROTECTED]> [2001.11.18 17:59:29+0100]: > > thanks, you just made me laugh! > you set lamer detector to orange. alright, so my first step is to scale back and *not* flame. i am sorry for posting my sarcastic comment. i shall now try to sum up my points. we have been talki

Re: Root is God? (was: Mutt & tmp files)

2001-11-23 Thread martin f krafft
* Mathias Gygax <[EMAIL PROTECTED]> [2001.11.18 17:58:46+0100]: > > excellent. you know what i did: i just remove the root:0:... line from > > /etc/passwd and /etc/shadow. now i can't be root. that must be perfect > > security. yeah! > > before you shout, think twice. this is READ-only on my syst

Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread Daniel D Jones
On Friday 16 November 2001 11:39, Mathias Gygax wrote: > > There is no way, nor any reason why, to setup a system in such a way > > that the maintainer of the system cannot maintain it. > > maintainer is someone else. root is there for serving the daemons. > admi

Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread Daniel D Jones
On Friday 16 November 2001 11:39, Mathias Gygax wrote: > > There is no way, nor any reason why, to setup a system in such a way > > that the maintainer of the system cannot maintain it. > > maintainer is someone else. root is there for serving the daemons. > adm

Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread Mathias Gygax
On Son, Nov 18, 2001 at 05:06:21 +0100, martin f krafft wrote: > thanks, you just made me laugh! you set lamer detector to orange.

Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread Mathias Gygax
On Son, Nov 18, 2001 at 05:08:14 +0100, martin f krafft wrote: > excellent. you know what i did: i just remove the root:0:... line from > /etc/passwd and /etc/shadow. now i can't be root. that must be perfect > security. yeah! before you shout, think twice. this is READ-only on my system. you don

Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread martin f krafft
* Mathias Gygax <[EMAIL PROTECTED]> [2001.11.16 14:36:30+0100]: > > > > Root is God. Anything you do on the system is potentially visible to > > > > root. > > this is, with the right patches applied, not true. ^^ > can very fine tune the setup. fo

Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread martin f krafft
* Mathias Gygax <[EMAIL PROTECTED]> [2001.11.16 15:06:54+0100]: > > well, i thought this is the definition of root. > > no. with LIDS you can protect files and syscalls even from root. in my > setup, root cannot even write to his own home directory. ... which root can change at convenience. this

Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread Mathias Gygax
On Son, Nov 18, 2001 at 05:06:21 +0100, martin f krafft wrote: > thanks, you just made me laugh! you set lamer detector to orange.

Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread Mathias Gygax
On Son, Nov 18, 2001 at 05:08:14 +0100, martin f krafft wrote: > excellent. you know what i did: i just remove the root:0:... line from > /etc/passwd and /etc/shadow. now i can't be root. that must be perfect > security. yeah! before you shout, think twice. this is READ-only on my system. you do

Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread martin f krafft
* Mathias Gygax <[EMAIL PROTECTED]> [2001.11.16 14:36:30+0100]: > > > > Root is God. Anything you do on the system is potentially visible to > > > > root. > > this is, with the right patches applied, not true. ^^ > can very fine tune the setup. f

Re: Root is God? (was: Mutt & tmp files)

2001-11-18 Thread martin f krafft
* Mathias Gygax <[EMAIL PROTECTED]> [2001.11.16 15:06:54+0100]: > > well, i thought this is the definition of root. > > no. with LIDS you can protect files and syscalls even from root. in my > setup, root cannot even write to his own home directory. ... which root can change at convenience. this

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Ethan Benson
first in this discussion root == maintainer of the box you are suggesting the maintainer of the box has no physical access and no privileges to maintain the box. this makes no sense. On Fri, Nov 16, 2001 at 05:39:43PM +0100, Mathias Gygax wrote: > > i don't care. i can seal LIDS that you can on

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Ethan Benson
first in this discussion root == maintainer of the box you are suggesting the maintainer of the box has no physical access and no privileges to maintain the box. this makes no sense. On Fri, Nov 16, 2001 at 05:39:43PM +0100, Mathias Gygax wrote: > > i don't care. i can seal LIDS that you can o

Re: Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread ralphtheraccoon
Very simple solution: don't say anything bad about root in email. -- Wot? No Coffee? MadProf

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Petro
On Fri, Nov 16, 2001 at 05:39:43PM +0100, Mathias Gygax wrote: > On Fre, Nov 16, 2001 at 08:23:27AM -0800, Micah Anderson wrote: > > There is no way, nor any reason why, to setup a system in such a way > > that the maintainer of the system cannot maintain it. > maintainer is someone else. root is

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Petro
On Fri, Nov 16, 2001 at 02:36:30PM +0100, Mathias Gygax wrote: > On Fre, Nov 16, 2001 at 04:13:16AM -0900, Ethan Benson wrote: > > > > Root is God. Anything you do on the system is potentially visible to > > > > root. > this is, with the right patches applied, not true. And who has to apply th

Re: Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread ralphtheraccoon
Very simple solution: don't say anything bad about root in email. -- Wot? No Coffee? MadProf

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread James Hamilton
This thread is getting old. If you don't want root to read your email, use an editor that can be set to not store temp files, use ASCII armor, and encrypt everything before you send it. Root could still access memory while you are composing the messages, so maybe you should compose them on an

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread John Galt
On Fri, 16 Nov 2001, Ralf Dreibrodt wrote: >Hi, > >Mathias Gygax wrote: >> >> On Fre, Nov 16, 2001 at 08:23:27AM -0800, Micah Anderson wrote: >> >> > No, you can't. No matter how you cut it, root can install a new >> > kernel, sans LIDS and write to his/her home dir. >> >> how? replace /boot? t

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Mathias Gygax
On Fre, Nov 16, 2001 at 05:48:11PM +0100, Ralf Dreibrodt wrote: > you have just another definition of root. no. we don't have any user concept there. > you mean the user with the id 0. this user is really not able to do > this. but root after my definition can hit the reset-button, put in a > c

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Petro
On Fri, Nov 16, 2001 at 05:39:43PM +0100, Mathias Gygax wrote: > On Fre, Nov 16, 2001 at 08:23:27AM -0800, Micah Anderson wrote: > > There is no way, nor any reason why, to setup a system in such a way > > that the maintainer of the system cannot maintain it. > maintainer is someone else. root is

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Petro
On Fri, Nov 16, 2001 at 02:36:30PM +0100, Mathias Gygax wrote: > On Fre, Nov 16, 2001 at 04:13:16AM -0900, Ethan Benson wrote: > > > > Root is God. Anything you do on the system is potentially visible to > > > > root. > this is, with the right patches applied, not true. And who has to apply t

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Ralf Dreibrodt
Hi, Mathias Gygax wrote: > > On Fre, Nov 16, 2001 at 08:23:27AM -0800, Micah Anderson wrote: > > > No, you can't. No matter how you cut it, root can install a new > > kernel, sans LIDS and write to his/her home dir. > > how? replace /boot? this is DENY in my setup. access lilo.conf or lilo >

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Mathias Gygax
On Fre, Nov 16, 2001 at 08:23:27AM -0800, Micah Anderson wrote: > No, you can't. No matter how you cut it, root can install a new > kernel, sans LIDS and write to his/her home dir. how? replace /boot? this is DENY in my setup. access lilo.conf or lilo binary? DENY. how do you wanna replace syst

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Micah Anderson
On Fri, 16 Nov 2001, Mathias Gygax wrote: > > well, i thought this is the definition of root. > > no. with LIDS you can protect files and syscalls even from root. in my > setup, root cannot even write to his own home directory. No, you can't. No matter how you cut it, root can install a new kern

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread James Hamilton
This thread is getting old. If you don't want root to read your email, use an editor that can be set to not store temp files, use ASCII armor, and encrypt everything before you send it. Root could still access memory while you are composing the messages, so maybe you should compose them on a

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread John Galt
On Fri, 16 Nov 2001, Ralf Dreibrodt wrote: >Hi, > >Mathias Gygax wrote: >> >> On Fre, Nov 16, 2001 at 08:23:27AM -0800, Micah Anderson wrote: >> >> > No, you can't. No matter how you cut it, root can install a new >> > kernel, sans LIDS and write to his/her home dir. >> >> how? replace /boot?

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Mathias Gygax
On Fre, Nov 16, 2001 at 05:48:11PM +0100, Ralf Dreibrodt wrote: > you have just another definition of root. no. we don't have any user concept there. > you mean the user with the id 0. this user is really not able to do > this. but root after my definition can hit the reset-button, put in a >

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Ethan Benson
On Fri, Nov 16, 2001 at 02:36:30PM +0100, Mathias Gygax wrote: > On Fre, Nov 16, 2001 at 04:13:16AM -0900, Ethan Benson wrote: > > > > > Root is God. Anything you do on the system is potentially visible to > > > > root. > > this is, with the right patches applied, not true. > > > > What's about

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Ralf Dreibrodt
Hi, Mathias Gygax wrote: > > On Fre, Nov 16, 2001 at 08:23:27AM -0800, Micah Anderson wrote: > > > No, you can't. No matter how you cut it, root can install a new > > kernel, sans LIDS and write to his/her home dir. > > how? replace /boot? this is DENY in my setup. access lilo.conf or lilo >

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Mathias Gygax
On Fre, Nov 16, 2001 at 08:23:27AM -0800, Micah Anderson wrote: > No, you can't. No matter how you cut it, root can install a new > kernel, sans LIDS and write to his/her home dir. how? replace /boot? this is DENY in my setup. access lilo.conf or lilo binary? DENY. how do you wanna replace sys

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Micah Anderson
On Fri, 16 Nov 2001, Mathias Gygax wrote: > > well, i thought this is the definition of root. > > no. with LIDS you can protect files and syscalls even from root. in my > setup, root cannot even write to his own home directory. No, you can't. No matter how you cut it, root can install a new ker

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Ralf Dreibrodt
Hi, Mathias Gygax wrote: > > > i wanted to post something about lids, but then i thought, it doesn't > > make sense in this case. > > i think it does make sense. as far as i have read the problem is, that the (wo)man, who has a root-account is able to read mails. what is the advantage of instal

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Mathias Gygax
On Fre, Nov 16, 2001 at 02:58:48PM +0100, Ralf Dreibrodt wrote: > Hi, hi there, > > > > > Root is God. Anything you do on the system is potentially visible to > > > > > root. > > > > this is, with the right patches applied, not true. > > well, i thought this is the definition of root. no. with

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Ralf Dreibrodt
Hi, Mathias Gygax wrote: > > On Fre, Nov 16, 2001 at 04:13:16AM -0900, Ethan Benson wrote: > > > > > Root is God. Anything you do on the system is potentially visible to > > > > root. > > this is, with the right patches applied, not true. well, i thought this is the definition of root. > > >

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Mathias Gygax
On Fre, Nov 16, 2001 at 04:13:16AM -0900, Ethan Benson wrote: > > > Root is God. Anything you do on the system is potentially visible to > > > root. this is, with the right patches applied, not true. > > What's about rsbac? Are there other strategies against root available? > > root usually has

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Ethan Benson
On Thu, Nov 15, 2001 at 11:46:31PM +0100, Mark Weinem wrote: > On Thu, 15 Nov 2001, Craig Dickson wrote: > > > Root is God. Anything you do on the system is potentially visible to > > root. > > What's about rsbac? Are there other strategies against root available? root usually has physical acces

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Ethan Benson
On Fri, Nov 16, 2001 at 02:36:30PM +0100, Mathias Gygax wrote: > On Fre, Nov 16, 2001 at 04:13:16AM -0900, Ethan Benson wrote: > > > > > Root is God. Anything you do on the system is potentially visible to > > > > root. > > this is, with the right patches applied, not true. > > > > What's about

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Ralf Dreibrodt
Hi, Mathias Gygax wrote: > > > i wanted to post something about lids, but then i thought, it doesn't > > make sense in this case. > > i think it does make sense. as far as i have read the problem is, that the (wo)man, who has a root-account is able to read mails. what is the advantage of insta

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Mathias Gygax
On Fre, Nov 16, 2001 at 02:58:48PM +0100, Ralf Dreibrodt wrote: > Hi, hi there, > > > > > Root is God. Anything you do on the system is potentially visible to > > > > > root. > > > > this is, with the right patches applied, not true. > > well, i thought this is the definition of root. no. wit

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Ralf Dreibrodt
Hi, Mathias Gygax wrote: > > On Fre, Nov 16, 2001 at 04:13:16AM -0900, Ethan Benson wrote: > > > > > Root is God. Anything you do on the system is potentially visible to > > > > root. > > this is, with the right patches applied, not true. well, i thought this is the definition of root. > > >

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Mathias Gygax
On Fre, Nov 16, 2001 at 04:13:16AM -0900, Ethan Benson wrote: > > > Root is God. Anything you do on the system is potentially visible to > > > root. this is, with the right patches applied, not true. > > What's about rsbac? Are there other strategies against root available? > > root usually ha

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Ethan Benson
On Thu, Nov 15, 2001 at 11:46:31PM +0100, Mark Weinem wrote: > On Thu, 15 Nov 2001, Craig Dickson wrote: > > > Root is God. Anything you do on the system is potentially visible to > > root. > > What's about rsbac? Are there other strategies against root available? root usually has physical acce