2009/11/4 Kevin Kofler <kevin.kofler@xxxxxxxxx>: > Richard June wrote: >> It's a good idea for one off jobs where the primary user is also the >> admin, but not so good for shared systems. Personally I think a better >> plan would be to display that information *only* if the user is >> flagged as an administrator, group root, wheel, etc. > > It's actually a security risk to display this to non-admin users. It's like > putting a sticker on your door saying "This door is not locked because my > keyhole is not working." Well, in this case you're posting it on the *inside* of your door. :) If someone has shell access, they can always run "foo --version", so I don't think this introduces any security risks that aren't already posed by someone having a shell on your server. Cheers, -- McGill University IT Security Konstantin Ryabitsev Montréal, Québec -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
