Subject: Re: Removing dm(1)
To: Jon Ribbens <jon@oaktree.co.uk>
From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
List: tech-security
Date: 11/21/1997 07:05:52
 Jason Thorpe <thorpej@nas.nasa.gov> wrote:
> > Ah, thank you.  I was hoping this is what you'd tell me.  Basically,
> > now I can give you an example of significant functionality that
> > dm(8) provides...
> > 
> > Curt: I suggest you edit /etc/dm.conf to disallow games that spawn pagers
> > until this issue is dealt with.  :-)
> 
> This isn't good enough. All the games are riddled with sprintfs and
> strcats and suchlike.

This is why one should not install games on a production server, or at least 
file off any setuid and possibly even setgid bits.  In the big picture, games 
are not really worth the time and effort.

An alternative is to only include the games in the source distribution, not in 
any binary distribution.  Make sure that the sysadmin understands the risks of 
installing games and have her acknowledge this during install via a prompt 
from the Makefile or by having her set an environment variable that 
acknowledges this.  Then if a sysadmin installs any games and those games are 
used to compromise any user's account, then it's the sysadmin's own damn fault 
for installing games on a mission critical server.

> Jon
> ____
> \  //    Jon Ribbens    // 100MB virtual-hosted // www.oaktree.co.uk
>  \// jon@oaktree.co.uk //  web space for 99UKP //
> 



Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
UNIX Support                   OV/VM:  BCSC02(CSCHUBER)
ITSD                          BITNET:  CSCHUBER@BCSC02.BITNET
Government of BC            Internet:  cschuber@uumail.gov.bc.ca
                                       Cy.Schubert@gems8.gov.bc.ca

		"Quit spooling around, JES do it."
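
[Added example, not part of the original message or the thread.] One way to carry out the "file off any setuid and possibly even setgid bits" step above is to audit the directory where the games are installed and clear the bits. The function names, the sample file names and the directory passed on the command line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree (for instance the one holding the
# games) for setuid/setgid files and clear those bits.

# Print every regular file under DIR with the setuid (4000) or setgid (2000)
# bit set, one per line. Names containing newlines are not handled.
list_suid_sgid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Clear setuid and setgid on every file found under DIR and report each one.
# Returns non-zero if any chmod failed, so the caller can tell the tree is
# not clean yet.
strip_suid_sgid() {
    list_suid_sgid "$1" | (
        status=0
        while IFS= read -r f; do
            if chmod u-s,g-s "$f"; then
                printf 'cleared setuid/setgid: %s\n' "$f"
            else
                printf 'FAILED: %s\n' "$f" >&2
                status=1
            fi
        done
        exit "$status"
    )
}

# Build a constructed sample tree (empty files owned by the caller) and print
# its path: one setuid file, one setgid file, one ordinary file.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/rogue"; : > "$d/hack"; : > "$d/fortune"
    chmod 4755 "$d/rogue"
    chmod 2755 "$d/hack"
    chmod 0755 "$d/fortune"
    printf '%s\n' "$d"
}

# Usage: sh audit.sh --list DIR    (report only)
#        sh audit.sh --strip DIR   (clear the bits)
case "${1:-}" in
    --list)  list_suid_sgid "$2" ;;
    --strip) strip_suid_sgid "$2" ;;
    *) ;;
esac
```

Run the `--list` form first and review the output; a game that keeps a shared score file will lose write access to it once the bits are cleared.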