--LG0Ll82vYr46+VA1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Aug 11, 2003 at 10:25:10PM -0700, der.hans wrote:
> Do you mean s/not// on that sentence?

I believe he was asking, "Why is having the sbin directories in your
path not a security risk?"  I'll field this one. ;-)

The bin/sbin distinction is based on the theory that the bin directories
should contain software that is useful for everyone, and the sbin
directories should contain software that is useful only for
administrators.  In practice, most of the software in the sbin
directories is useful for troubleshooting and is therefore useful for
most everyone, assuming the user is familiar with the operation of the
software.

Simply put, it's not a security risk because normal users do not have
sufficient privileges to harm the system or make changes to system
settings, beyond that which the administrator bestows upon them.  For
example, try using ifconfig to bring down or mis-re-configure a network
interface as a normal user, without invoking root.  You won't be able to
do so.

If putting the sbin directories in a normal user's $PATH exposes a
security risk, that risk was already present and is not the fault of the
$PATH in question.

HTH.

--=20
Bill Jonas    *    bill@billjonas.com    *    http://www.billjonas.com/
"It's a dangerous business, Frodo, going out your front door.  You step
into the Road,  and if you don't keep your feet,  there  is  no knowing
where you might be swept off to."  --  Bilbo Baggins

--LG0Ll82vYr46+VA1
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/OIqOdmHcUxFvDL0RAr/MAJwM/kgTbCY5GMrDUuMfh4adBO7F7QCgsPg/
Zh1kqoUnhNGc0rkVP/uJYe4=
=LZzo
-----END PGP SIGNATURE-----

--LG0Ll82vYr46+VA1--