On Tue, 2003-04-29 at 13:33, Michael Toomim wrote:
--snip--
> If a hacker gets access to your account, and then you su to root, he'll
> sniff your password and get root access. Being a user who periodically
> logs in as root is just as insecure as being a user who logs in as root.
>
> Except that in this case, it's actually LESS secure. Say a hacker gets
> into my user account. If I were to login as root from GDM, the hacker
> would still be trapped in my user account. But if I *can't* log in as
> root from GDM, I'll be forced to su to root instead from my user
> account, and the hacker will get my password (and consequently root access).
--snip--

This is all assuming that you're trying to prevent a malicious "hacker" (cracker might be more appropriate) from breaking into your computer. No computer is secure enough to withstand a prolonged, concerted effort to break into it. What we need to protect against is random attacks in the forms of scripts, viruses, worms, trojans, etc.

--snip--
> No, that's a different argument. You're telling me that I shouldn't
> give secretaries root access. Well, duh. But the question isn't
> whether you give secretaries root access or not, it's whether you give
> people who *already have/want/need root access* the ability to log in as
> root to gnome through GDM.
>
> If you can log in as root through a console, a startx, and an xterm,
> there's no real reason that you shouldn't be allowed to log in as root
> through GDM. Being root from GDM is no more dangerous or insecure than
> being root from the console or su.

I agree that a user should be ABLE to log in as root from GDM if s/he so desires. However, there should be appropriate cautions in place to ensure that John Q. Idiot will get scared away before he accidentally enables it.

--
Alex Malinovich
Support Free Software, delete your Windows partition TODAY!
Encrypted mail preferred. You can get my public key from any of the
pgp.net keyservers. Key ID: A6D24837