In article <Pine.SOL.3.96.970516155535.1298Z-100000@???>,
Philip Hazel <ph10@???> wrote:
: On Fri, 16 May 1997, Jay Denebeim wrote:
: > IMO reducing the security on a bunch of directories is a much larger
: > security breach than running a trusted program. You should only exit root
: > when actually running external programs I think.
:
: Ooooohhhhh!!!! *That* will stir up some reactions on this list, I
: expect. It is quite contrary to what the "security experts" have been
: telling me (quite forcibly in some cases).
I'll second what they're telling you. While running as not-root
doesn't eliminate bugs due to coding errors, it reduces the scope
for mischief that is enabled by those coding errors.
