Jeremy Allison jeremy at valinux.com
Mon Dec 20 22:48:21 GMT 1999

Luke Kenneth Casson Leighton wrote:
> sum(0..n)(security)t tends to zero, as number of idiots tends to infinity.

Yes I know.

> jeremy, the pam writers created an /etc/security directory for these sorts
> of things. the /etc/security directory is there to make it really, really
> obvious that these files are not to be messed with.
> we create a private/ directory for the same reasons.
> we modify the permissions not only on the file but also on the directory
> to be root-access only.
> readhat thinks otherwise, it seems.

I agree, that what we do is more paranoid than what they
do, but you must understand that what they do is *NOT*
a security hole.

You must be *very* careful about screaming "security hole"
when no such problem exists. People get *very* twitchy,
and with good reason, when you publically accuse them
of such things.

Remember the boy who cried wolf....

NOTE for the clueless :-).
RedHat 6.x does *NOT* have a security hole here !!!


	Jeremy Allison,
	Samba Team.

Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list