Re: Microsoft SQL server 7

From: Luke Vogel (luke@bell-bird.com.au)
Date: 05/22/02

• Next message: svek: "Re: Why is BSD more secure?"
• Previous message: Ian C Smith: "Re: The best GUI for ipchains and/or iptables?"
• In reply to: Armin Krawinkel: "Re: Microsoft SQL server 7"
• Next in thread: Dimitri Maziuk: "Re: Microsoft SQL server 7"
• Reply: Dimitri Maziuk: "Re: Microsoft SQL server 7"
• Reply: Armin Krawinkel: "Re: Microsoft SQL server 7"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Luke Vogel <luke@bell-bird.com.au>
Date: Wed, 22 May 2002 21:01:02 +1000

Armin Krawinkel wrote:

> well, if you install mysql-server for linux it comes without a r00t
> password too.
> apart from that it makes no difference if you ship an application with no
> password or a password that everybody knows.

Your argument is clearly flawed ... running as an unprivileged account,
and running as an account _with_ privileges is two very different
things. I'd be very surprised if mysql-server needed to be run as
"rOOt" as you put it.

If SQL server 7 needed an admin. (read privileged) account to run, then
it should certainly have prompted for password verification on
installation. Not doing so clearly makes a mockery of what MS believe
security practices should be and only clarifies further that MS still
have absolutely no idea what they are doing.

-- 
Regards
Luke
------
Q:  What does FAQ stand for?
A:  We are Frequently Asked this Question, and we have no idea.
------
C.O.L.S FAQ - http://www.linuxsecurity.com/docs/colsfaq.html
Note: Remove NOSPAM from my return address if necessary
------

---

• Next message: svek: "Re: Why is BSD more secure?"
• Previous message: Ian C Smith: "Re: The best GUI for ipchains and/or iptables?"
• In reply to: Armin Krawinkel: "Re: Microsoft SQL server 7"
• Next in thread: Dimitri Maziuk: "Re: Microsoft SQL server 7"
• Reply: Dimitri Maziuk: "Re: Microsoft SQL server 7"
• Reply: Armin Krawinkel: "Re: Microsoft SQL server 7"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Microsoft SQL server 7 ... Armin Krawinkel wrote: ... > apart from that it makes no difference if you ship an application with no ... and running as an account _with_ privileges is two very different ... (comp.os.linux.security) Re: Stop running a script ? ... What's so hard about editing the shortcut you created from the file? ... Something else to consider is under what account you login when you go ... user account which reduces privileges available to all programs ... This means your web browser is less ... (alt.os.windows-xp) Re: How good is Comodo Internet Security? ... the process will have the same privileges as that token. ... the token has the limitation of a standard user account, ... limited and you get more protection. ... They don't want to use a limited Windows account. ... (comp.security.firewalls) Re: How good is Comodo Internet Security? ... the process will have the same privileges as that token. ... the token has the limitation of a standard user account, ... use them to start the web browser, that instance of the web browser is ... limited and you get more protection. ... (comp.security.firewalls) Re: How good is Comodo Internet Security? ... Since the token has the limitation of a standard user ... account, ... the child process under limited privileges, ... do out admin task within our LUA enviroment? ... (comp.security.firewalls)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.os.linux.security  > 2002-05