Root access with python
Erik Max Francis
max at alcyone.com
Mon Apr 1 14:39:14 EST 2002
Jim Dennis wrote:
> As for your overall "advice." It's of little value to tell
> someone: "don't do that" without offering any suggestion about
> what he or she SHOULD try.
>
> Whenever discussing computer system security I avoid
> proscriptive pronouncements like: "you can't do that" or
> "no one should ..."
You have a point, but it is still the case that there _are_ solutions
and approaches which are so ill-advised that you are better off stopping
them in their tracks before they go any further down the roads. Some
approaches are so bad -- i.e., they have caused endless problems over
the years -- that an expert, much less a novice, should avoid them like
the plague. I'd say setuid scripts is pretty much up there.
A better approach to just, "Don't do that," would be to discourage the
current approach by suggesting that they go back to basics -- instead of
asking how to do the approach they've come to, ask them what fundamental
problem they're trying to solve.
--
Erik Max Francis / max at alcyone.com / http://www.alcyone.com/max/
__ San Jose, CA, US / 37 20 N 121 53 W / ICQ16063900 / &tSftDotIotE
/ \ Nationalism is an infantile sickness.
\__/ Albert Einstein
Alcyone Systems' Daily Planet / http://www.alcyone.com/planet.html
A new, virtual planet, every day.
More information about the Python-list
mailing list