On Thu, 19 Feb 1998, Bruce Barnett wrote:

> The real danger, as I see it, is in getting the proper group
> permissions.  This in itself is not a problem. The problem is that if
> there ARE sufficient group privileges, someone might gain access to
> that group through setgid executables, or NFS file systems where the
> group is not wheel. In other words, a combination of small errors can
> compromise a system.

Perfectly correct. A general principle of security is that if you
can set things up to avoid opportunities for small errors, you
should.

cjs

Curt Sampson    cjs@portal.ca	   Info at http://www.portal.ca/
Internet Portal Services, Inc.	   Through infinite mist, software reverberates
Vancouver, BC  (604) 257-9400	   In code possess'd of invisible folly.