Re: please remove permission check that disallows private-group access.

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 10/22/18, 5:42 PM, "openssh-unix-dev on behalf of Peter Moody" <openssh-unix-dev-bounces+uri=ll.mit.edu@xxxxxxxxxxx on behalf of mindrot@xxxxxxxx> wrote:

    the determined sysadmin can just copy the keys where they want them to
    be and run chmod. problem solved. 

Not so fast. If a home directory is on an NFS or AFS filesystem, where would that "determined sysadmin" copy the keys to? Not to mention the question of what business that "determined sysadmin" has touching my keys?

    no need for a new client side config option, which carries a non-zero
    cost of ongoing maintenance.

The cost of ongoing maintenance does not exceed the cost of dealing with this problem.

    
    On Mon, Oct 22, 2018 at 2:20 PM Charlie Smurthwaite <charlie@atech.media> wrote:
    >
    > I'm new here, but I feel like chiming in, I hope my opinions are
    > welcome. At first glance at this thread it seems unnecessary to argue
    > about the necessity of these checks when when the option exists to give
    > users the choice.
    >
    > Adding configuration option(s) for users who wish to bypass these checks
    > could allow experienced users to do what they need to, and less
    > experienced users could still benefit form the protection by default.
    >
    > Generally, giving users the choice should not be controversial, but I
    > will note that there is the mild fear of a user googling the error and
    > finding misguided advice to simply disable the check.
    >
    > Charlie
    > _______________________________________________
    > openssh-unix-dev mailing list
    > openssh-unix-dev@xxxxxxxxxxx
    > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@xxxxxxxxxxx
    https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
    

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux