[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Ubuntu shows updates / security updates on shell logins



2009/11/4 Kevin Kofler <kevin kofler chello at>:
> Richard June wrote:
>> It's a good idea for one off jobs where the primary user is also the
>> admin, but not so good for shared systems. Personally I think a better
>> plan would be to display that information *only* if the user is
>> flagged as an administrator, group root, wheel, etc.
>
> It's actually a security risk to display this to non-admin users. It's like
> putting a sticker on your door saying "This door is not locked because my
> keyhole is not working."

Well, in this case you're posting it on the *inside* of your door.  :)

If someone has shell access, they can always run "foo --version", so I
don't think this introduces any security risks that aren't already
posed by someone having a shell on your server.

Cheers,
-- 
McGill University IT Security
Konstantin Ryabitsev
Montréal, Québec


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]