change to vncpasswd requested

Dan Mick dan.mick "at" West.Sun.COM
Thu, 01 Oct 1998 03:44:14 +0000


> > > Yes, I agree; but is somebody who runs "chmod -R a+r $HOME"
> > > "explicitly taking responsibility" for exposing his/her password?
> > 
> > absolutely.  Don't change the permission on *any* file you don't understand.
> > Ever.
> 
> i agree, but most users aren't conditioned to be as careful with file
> permissions (particularly read permissions).  they don't expect that
> changing the read permissions of their home directory would allow
> someone to compromise their account, and in general, it wouldn't.  the
> conditioning isn't there because in most cases it doesn't have to be.

.rhosts is famous.  .forward is famous.  True, they don't normally
get affected unless you try really hard...but still, it's not like
this is without precedent.  I'm fairly low on sympathy for someone
who opens permissions on a file and is then surprised that someone
else has more access to their private stuff....it's a direct match.


---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------