Re: dangerous to leave root logged in?
From: Rincewind (rinso_at_unseen.edu)
Date: 03/30/05
- Next message: Unruh: "Re: dangerous to leave root logged in?"
- Previous message: Julia Thorne: "Re: Repost: Linux is Secure - HAHA, Maybe not!!"
- In reply to: Julia Thorne: "Re: dangerous to leave root logged in?"
- Next in thread: Unruh: "Re: dangerous to leave root logged in?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Mar 2005 00:01:43 GMT
On Tue, 29 Mar 2005 23:17:53 +0000, Julia Thorne mumbled something like
this:
> So... what IS that vulnerability? I wouldn't be surpised to hear that
> there is one (I'd be surprised if there isn't), but what IS that
> vulnerability?
If you have a logged in root shell, say on the console, Ctrl-Alt-F1, or on
a second X server(say localhost:1), and you allow joe user physical access
to the system, there is nothing to prevent joe user from pressing
Ctrl-Alt-F1 or Ctrl-Alt-F8 and using your open root session. This is not
desirable.
If a process needs to run as root and needs to run all the time, it is
probably better to run it in the background from an init script.
--
Rinso
/\
/ \
/wizz\
~~~~~~~~~~~~
- Next message: Unruh: "Re: dangerous to leave root logged in?"
- Previous message: Julia Thorne: "Re: Repost: Linux is Secure - HAHA, Maybe not!!"
- In reply to: Julia Thorne: "Re: dangerous to leave root logged in?"
- Next in thread: Unruh: "Re: dangerous to leave root logged in?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
