
Re: root login



On Tue, 2003-04-29 at 13:33, Michael Toomim wrote:
--snip--
> If a hacker gets access to your account, and then you su to root, he'll 
> sniff your password and get root access.  Being a user who periodically 
> logs in as root is just as insecure as being a user who logs in as root.
> 
> Except that in this case, it's actually LESS secure.  Say a hacker gets 
> into my user account.  If I were to login as root from GDM, the hacker 
> would still be trapped in my user account.  But if I *can't* log in as 
> root from GDM, I'll be forced to su to root instead from my user 
> account, and the hacker will get my password (and consequently root access).
--snip--

This is all assuming that you're trying to prevent a malicious "hacker"
(cracker might be more appropriate) from breaking into your computer. No
computer is secure enough to withstand a prolonged, concerted effort to
break into it. What we need to protect against is random attacks in the
forms of scripts, viruses, worms, trojans, etc.

--snip--
> No, that's a different argument.  You're telling me that I shouldn't 
> give secretaries root access.  Well, duh.  But the question isn't 
> whether you give secretaries root access or not, it's whether you give 
> people who *already have/want/need root access* the ability to log in as 
> root to gnome through GDM.
> 
> If you can log in as root through a console, a startx, and an xterm, 
> there's no real reason that you shouldn't be allowed to log in as root 
> through GDM.  Being root from GDM is no more dangerous or insecure than 
> being root from the console or su.

I agree that a user should be ABLE to log in as root from GDM if s/he so
desires. However, there should be appropriate cautions in place to
ensure that John Q. Idiot will get scared away before he accidentally
enables it.

-- 
Alex Malinovich
Support Free Software, delete your Windows partition TODAY!
Encrypted mail preferred. You can get my public key from any of the
pgp.net keyservers. Key ID: A6D24837

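An added example, not part of the thread and not anything Michael or Alex posted: the sniffing scenario above assumes an intruder already inside a user account can put something in front of the real su. The two ordinary ways to do that from an unprivileged account are a copy of su in a user-writable directory that comes earlier on PATH, and an alias or function named su in the shell's rc file. The POSIX sh audit below checks a PATH value and an rc file for exactly those two conditions. Assumed, not taken from the thread: the function names audit_su_path and audit_su_rc, the sample rc line, and that the system su lives in /usr/bin/su or /bin/su.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Audits whether the "su"
# a user types could be intercepted from inside that user's own account.
# Assumption: POSIX sh with a test(1) that supports -ef (dash, bash, busybox).

# audit_su_path PATH_VALUE REAL_SU
# Walks PATH_VALUE in order until it reaches the directory that holds
# REAL_SU. Any earlier directory that is writable by the current user, or
# that already contains its own su, is printed. Returns 0 when nothing was
# found, 1 otherwise. (Run as root every directory looks writable, so the
# writable-directory check is only meaningful for an ordinary account.)
audit_su_path() {
    path_value=$1
    real_su=$2
    real_dir=${real_su%/*}
    status=0
    old_ifs=$IFS
    IFS=:
    for dir in $path_value; do
        [ -n "$dir" ] || dir=.            # an empty PATH entry means "."
        if [ "$dir" = "$real_dir" ]; then
            break                         # the real su is reached here
        fi
        if [ -d "$dir" ] && [ -w "$dir" ]; then
            echo "writable directory ahead of $real_dir on PATH: $dir"
            status=1
        fi
        if [ -f "$dir/su" ] && ! [ "$dir/su" -ef "$real_su" ]; then
            echo "another su is found before $real_su: $dir/su"
            status=1
        fi
    done
    IFS=$old_ifs
    return $status
}

# audit_su_rc RC_FILE
# Prints any line in RC_FILE that defines an alias or a shell function
# named su. Returns 0 when none is found (or the file is unreadable),
# 1 otherwise.
audit_su_rc() {
    rc_file=$1
    [ -r "$rc_file" ] || return 0
    if grep -nE '^[[:space:]]*(alias[[:space:]]+su=|su[[:space:]]*\(\)|function[[:space:]]+su([[:space:]]|$))' "$rc_file"; then
        return 1
    fi
    return 0
}

# Stand-alone usage: audit the current account. The real su is taken from
# a fixed system location rather than from "command -v su", since the
# latter is exactly what a shadowing copy would fool.
real_su=""
for candidate in /usr/bin/su /bin/su; do
    if [ -x "$candidate" ]; then
        real_su=$candidate
        break
    fi
done
if [ -n "$real_su" ]; then
    audit_su_path "$PATH" "$real_su" || echo "PATH: su could be intercepted from this account"
fi
for rc in "$HOME/.bashrc" "$HOME/.profile" "$HOME/.bash_profile"; do
    audit_su_rc "$rc" || echo "$rc: su is redefined from this account"
done
```

If either audit prints something, the password typed at that su prompt is at the mercy of whoever can write to that directory or file, which is the case the quoted message is arguing about.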