Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'why even post this?' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
why even post this?
Authored by: sardu_mac on Jan 17, '03 02:53:41PM

Actually, a lot of 'hardcore UNIX admins' have this enabled for their personal account. As long as you have a good password, don't do silly things like run system daemons as the same UID, use system accounts for apache authentication and such, there's no harm in this. Don't enable it for other accounts or users who aren't UNIX-savvy as they may have weak passwords or use services that allow cleartext password transfers.



[ Reply to This | # ]
very unsafe
Authored by: hayne on Mar 04, '05 03:51:52PM
If any of those "hardcore Unix admins" have done this, I hope they only run command-line programs or GUI apps that they themselves have written and so can have complete trust in.

As others have explained (e.g. 'bbum' above), the problem is that any program running under your account can (with this "hint") get full control of the machine. And a sufficiently clever piece of malware can do this without leaving any noticeable trace - so you might never know that your machine has been taken over.

I strongly recommend against implementing this hint.

[ Reply to This | # ]