Re: security policy / root passwords

To: debian-devel@lists.debian.org
Subject: Re: security policy / root passwords
From: Uoti Urpala <uoti.urpala@pp1.inet.fi>
Date: Mon, 10 Jun 2013 16:12:18 +0300
Message-id: <[🔎] 1370869938.18948.18.camel@glyph.nonexistent.invalid>
In-reply-to: <[🔎] 51B5CC89.3060306@pocock.com.au>

Daniel Pocock wrote:
> It was also demonstrated with Windows 7 that users could be tricked by
> web sites that simply dimmed the background of the browser window - so
> it is not a perfect solution and I would personally prefer to see users
> referred to initiate "su" or "sudo" on their own.

Initiate "su" or "sudo" as in from a terminal? Conditioning users to
write commands in a terminal when prompted by a dialog sounds even worse
than leaking passwords. At least leaking system passwords is less
catastrophic when the system allows no remote login.

Reply to:

References:
- Re: security policy / root passwords
  - From: Daniel Pocock <daniel@pocock.com.au>

Prev by Date: Re: security policy / root passwords
Next by Date: Re: Bug severity and private data disclosure
Previous by thread: Re: security policy / root passwords
Next by thread: Re: security policy / root passwords
Index(es):
- Date
- Thread