Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] For all you vi heathen ;-)
- Date: Fri, 17 Jul 2020 23:55:03 +0900
- From: "Curt J. Sampson" <cjs@example.com>
- Subject: Re: [tlug] For all you vi heathen ;-)
- User-agent: NeoMutt/20170113 (1.7.2)
On 2020-07-17 08:12 +0900 (Fri), Chris wrote:
> > OpenBSD.
> I see Theo's propaganda machine is still effective.
Indeed.
On 2020-07-17 02:09 +0900 (Fri), Benjamin Kowarsch wrote:
> I would not allow any extranet remote users at all unless I am running
> OpenVMS or OpenBSD.
That is a very foolish approach to security.
The vim issue is no surprise; probably the most important part of the "fix"
was the addition of these two lines to the documentation:
Note that the user may still find a loophole to execute a
shell command, it has only been made difficult.
"'Restricted' version of a very general, complex tool" is almost invariably
a security fail; we've known this for decades. (Remember when `rsh` meant
"restricted shell"?)
There's a reasonable argument to be made that things of this nature, should
not be made available. Not only are they an almost certain source of
security holes if used naïvely, but almost any use, even by someone who
(normally) knows what he's doing, is naïve. But they do have their (very)
occasional uses.
cjs
--
Curt J. Sampson <cjs@example.com> +81 90 7737 2974
To iterate is human, to recurse divine.
- L Peter Deutsch
- Follow-Ups:
- Re: [tlug] For all you vi heathen ;-)
- From: Benjamin Kowarsch
- Re: [tlug] For all you vi heathen ;-)
- References:
- Re: [tlug] For all you vi heathen ;-)
- From: Benjamin Kowarsch
- Re: [tlug] For all you vi heathen ;-)
- Prev by Date: Re: [tlug] Introduction to (Tech) Worker Cooperatives, 09:00AM on Sunday, July 12th JST
- Next by Date: Re: [tlug] For all you vi heathen ;-)
- Previous by thread: Re: [tlug] For all you vi heathen ;-)
- Next by thread: Re: [tlug] For all you vi heathen ;-)
- Index(es):