On Wed, 01 Sep 1999 18:07:32 PDT, "Free, Bob" <RWF4at_private> said: > reboot. When the installation is completed after rebooting, these keys are > cleared and your legal notice is gone. Having installations that blow away files *intended* for user configuration is always Very Bad Juju. > If your security policies are reliant on legal notices this is not a good > thing. (...) OK.. I admit I'm reading it at 3AM, and it took 3 retries before I parsed this sentence the way you intended. I kept reading it as "this" being the reliance, not the bug. It took 2 more reads before it sank in that parsed either way the sentence was still probably true. Having legal notices dissapear is a Bad Thing, and having policies that require them may be a Bad Thing too... Can anybody out there cite case law or statute where having a legal notice actually makes a difference, in the case of a scriptz kiddy exploit that rarely, if ever, sees a legal notice? I'm aware of the old "welcome to VMS" issue regarding the lack of a notice when the user logged in normally. This is the opposite - entering a system via a means never intended to have a legal notice. Could a login banner be self-defeating, if a hacker doesn't login? In any case, if your security policies are *reliant* on notices, as opposed to including them as one *small* part of a total solution, you're probably already 0wned... ;) Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:02:19 PDT