[TAG] (forw) Re: (forw) Re: (forw) Re: (forw) Re: lpr works for user not root in Basiclinux 2.1

Tue Jan 30 09:06:41 MSK 2007

Quoting Sindi Keesan (keesan at grex.cyberspace.org):

> Actually French was much more heavily involved than Latin, as were the 
> Norse invaders.

I'm quite minutely familiar with that history, Sindi, for multiple
reasons including my principal ancestors having been the main threat to
civilisation at that time (Vikings) -- and, as I hoped would be apparent,
was speaking metaphorically, i.e., of the collision between the language
families involved.

> What would the programs do with my shell account, which is run as user, 
> send spam from it?

Let me turn that around and suggest that _you_ think through the
possiblities.  You have everything you need to do so. 

> forwarding of packets from the internet via the dialed-in computer 
> (gateway) to the other one, both on the same local network?

Sorry, I'm about done with the idle questions for which you can
determine the answers from standard resources.  In addition to manpages
(which are often dauntingly terse, by design), try TLDP's HOWTOs, such
as this one:

http://tldp.org/HOWTO/IPCHAINS-HOWTO.html

The Answer Gang is quite tolerant generally about questions, but at a
certain point we expect the querent to engage with the subject matter.
A check of my sent mail reveals that you've been exchanging mail with
tag since at least 2003.  It's time for you to resolve some basic
informational questions on your own, in my view.

> Do I need a firewall like the above on the laptop computer?

Please re-read my earlier mails, on how you determine what security
measures you "need".

> Is sourceforge considered safe?

Well, all of VA Linux Systems, Inc.'s corporate network was
security-compromised in 2001 because of a sysadmin incautiously visiting
shells.sourceforge.net (which was root-compromised at the time) and then
sshing or scping back into the corporate network.  At the same time,
almost all development code being handled via shells.sourceforge.net 
and hosted on SourceForge.net proved at the time to be verifiably
uncorrupted because the developers had cryptographically signed their
work.

All of the machines withing VA Linux Systems were powered down and their
ethernet ports disabled, after which every last one of them had to be
wiped and reinstalled, with any restored non-executable, non-conffile
data files needing to be carefully vetted.

I would not really call that "safe", personally.

> Besides  running Opera (and maybe dialing and/or loading Xvesa and
> rxvt) as user should I take any other precautions on their computers?

I don't know how many times I'm willing to say "Your design is
fundamentally bad, if only because it uses root logins by default."
This is probably the last time, as obviously I'm wasting my time.
I stated, for that reason, that I was uninterested in helping users
unwilling to do that basic step correctly -- and I meant what I said.