On Thu, Feb 15, 2001 at 01:46:31PM -0600, InSaNe wrote:
> Ok I seriously am sorry, but I needed to get advice/opinion from a pretty
> competent group of people. Carolyn Meinel seems to think that allowing
> the use of wall by regular users is a security compromise. I run free
> shell accounts, she is critizing me for allowing users to be able to run
> daemons above 1024 and seems to think "wall" could be used to cause denial
> of service on root, assuming root even has messages turned on, which I
> would never do.
>
I have never been impressed with anyting Ms Meinel has ever had to say.
I cannot see how she considers herself an authority on security
related issues.

> What are your guys opinions on normal users being able to run wall, I
> personally think what the hell are they gonna do with wall? She wanted to
> take this discussion to one of her happyhacker mailing list, and I wanted
> an un-biased opinion.
>
If I am not mistaken mesg is off by default so unless they want to
get the messages users will not even see them. I would suggest that
she provide a functional example of how wall could be used to DOS
root, if she cannot then she is once again, mistaken.

-- 
|
I am not sure how many monkeys it would take to type out the
works of Shakespear. I do know how many cats it would take to spam a
maillist if I leave my computer on.
AA4YU http://www.beekeeper.org http://www.q7.net 

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]