
Re: root login



Robert McQueen wrote:

> This argument has the minor disadvantage of being completely wrong. If
> a hacker gets access to your user account, then the system utilities
> or kernel etc cannot have been changed to obtain your root password
> during the normal utilisation of your system.

First, I totally agree with the sentiment, and I'm sure you already know
about the security issues I'm about to mention.  I just want to be extra
pedantic so that new users don't get a false sense of security from your
message.

> Your /bin/su or whatever is still owned by root and there's no way the
> hacker-as-a-user could modify it to log or yield your root password.

True, but if you type "su" instead of "/bin/su", then you're vulnerable
to shell aliases or changed PATH variables.  These might be noticed
before they lead to disaster -- but what if the attacker has changed
your login shell to a hacked version that masquerades as the real thing?

Or the attacker could run a program from your account that takes over
the entire screen and looks just like your display manager or "login"
prompt.  It will let anyone log in normally, but not before snagging
a password and setting up logging for all keystrokes.

When security is of the utmost importance, any user account must be
treated as a major risk.  You should su or sudo rarely, and from a
special, tightly-controlled account, and you should monitor all logs
and accounts for suspicious activities.
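
A defender-side check for the alias and PATH shadowing described in the message above, as an added example that is not part of the original post. The function names and the `TRUSTED_DIRS` list are assumptions of this sketch, not a standard tool.

```sh
# Added example: audit how a privileged command name such as "su" resolves.
# TRUSTED_DIRS is an assumption of this sketch; adjust it to your system.
TRUSTED_DIRS=${TRUSTED_DIRS:-/bin:/usr/bin:/sbin:/usr/sbin}

# is_trusted DIR -> 0 if DIR is listed in TRUSTED_DIRS
is_trusted() {
    case ":$TRUSTED_DIRS:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_cmd CMD PATHSTRING
# Prints one finding per line and returns the number of findings.
audit_cmd() {
    cmd=$1 entries="$2:" findings=0
    # An alias wins over every PATH entry. It is only visible when this
    # file is sourced into the shell being audited.
    if alias "$cmd" >/dev/null 2>&1; then
        echo "ALIAS: '$cmd' is aliased in this shell"
        findings=$((findings + 1))
    fi
    old_ifs=$IFS; IFS=:; set -f
    for dir in $entries; do
        case $dir in
            /*) ;;
            *)  echo "RELATIVE: PATH entry '${dir:-<empty>}' resolves against the current directory"
                findings=$((findings + 1)); continue ;;
        esac
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            if is_trusted "$dir"; then
                echo "OK: '$cmd' resolves to $dir/$cmd"
            else
                echo "SHADOWED: '$cmd' resolves to $dir/$cmd, outside TRUSTED_DIRS"
                findings=$((findings + 1))
            fi
            break   # the shell stops at the first match, so the audit does too
        fi
    done
    IFS=$old_ifs; set +f
    return "$findings"
}
```

Source the file into the interactive shell you want to check and run `audit_cmd su "$PATH"`; a separate script process does not see that shell's aliases.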


