Re: PermitRootLogin=yes versus su
From: Sebastian Hans (hanss@in.tum.de)
Date: 01/27/03
- Next message: Konrad Hinsen: "Re: Hostbased authentication with OpenSSH 3.4p1"
- Previous message: Cameron Laird: "Re: PermitRootLogin=yes versus su"
- In reply to: Simon Tatham: "Re: PermitRootLogin=yes versus su"
- Next in thread: Sebastian Hans: "Re: PermitRootLogin=yes versus su"
- Reply: Sebastian Hans: "Re: PermitRootLogin=yes versus su"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Sebastian Hans <hanss@in.tum.de> Date: Mon, 27 Jan 2003 13:18:15 +0000 (UTC)
Simon Tatham <anakin@pobox.com> wrote:
>
> But if su has a vulnerability, then the attacker now need only break
> an ordinary user's account - and that's likely to be much easier,
> since on any machine with a large number of users there's bound to
> be _one_ who's done something stupid. The root account is likely to
> be guarded by someone who actually knows what they're doing.
>
> In addition, if su has a local-root vulnerability, any of your local
> users who you don't completely trust becomes a direct threat, so
> external attackers are suddenly the least of your worries!
# groupadd theone
# useradd -g theone theone
# passwd theone
<Choose something strong here of course>
# chown root.theone /bin/su
# chmod 0750 /bin/su
seb
- Next message: Konrad Hinsen: "Re: Hostbased authentication with OpenSSH 3.4p1"
- Previous message: Cameron Laird: "Re: PermitRootLogin=yes versus su"
- In reply to: Simon Tatham: "Re: PermitRootLogin=yes versus su"
- Next in thread: Sebastian Hans: "Re: PermitRootLogin=yes versus su"
- Reply: Sebastian Hans: "Re: PermitRootLogin=yes versus su"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
