change to vncpasswd requested

Carl R. Witty cwitty "at" newtonlabs.com
Thu, 01 Oct 1998 05:08:26 +0000


Dan Mick <dan.mick "at" West.Sun.COM> writes:

> > > > Yes, I agree; but is somebody who runs "chmod -R a+r $HOME"
> > > > "explicitly taking responsibility" for exposing his/her password?
> > > 
> > > absolutely.  Don't change the permission on *any* file you don't understand.
> > > Ever.
> > 
> > i agree, but most users aren't conditioned to be as careful with file
> > permissions (particularly read permissions).  they don't expect that
> > changing the read permissions of their home directory would allow
> > someone to compromise their account, and in general, it wouldn't.  the
> > conditioning isn't there because in most cases it doesn't have to be.
> 
> .rhosts is famous.  .forward is famous.  True, they don't normally
> get affected unless you try really hard...but still, it's not like
> this is without precedent.  I'm fairly low on sympathy for someone
> who opens permissions on a file and is then surprised that someone
> else has more access to their private stuff....it's a direct match.

But this is a case of opening up read access on a file and giving
somebody else write access to my private stuff...not a direct match at
all.

Carl Witty
cwitty "at" newtonlabs.com

---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------