
Re: root login



Matt Brubeck wrote:
True, but if you type "su" instead of "/bin/su", then you're vulnerable
to shell aliases or changed PATH variables.  These might be noticed
before they lead to disaster -- but what if the attacker has changed
your login shell to a hacked version that masquerades as the real thing?

Or the attacker could run a program from your account that takes over
the entire screen and looks just like your display manager or "login"
prompt.  It will let anyone log in normally, but not before snagging
a password and setting up logging for all keystrokes.

When security is of the utmost importance, any user account must be
treated as a major risk.  You should su or sudo rarely, and from a
special, tightly-controlled account, and you should monitor all logs
and accounts for suspicious activities.

Thanks, I was just about to say that myself. :)

There are MANY, very easy ways to sniff a password with user-level access. If a cracker ever has access to a user account when you su or sudo from it, he gets root access on your machine (unless he's stupid).

Michael
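
The alias and PATH risk described in the quoted message can be audited before typing a bare "su". The script below is an added example, not part of either poster's message; the trusted-directory list and the function names are assumptions.

```shell
#!/bin/sh
# Added example. TRUSTED_DIRS is an assumption; set it for the audited system.
TRUSTED_DIRS="/bin /usr/bin /sbin /usr/sbin"

# first_in_path NAME PATHSTRING
# Walk PATHSTRING as the shell does and print the first executable NAME.
first_in_path() {
    name=$1
    rest=$2:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        if [ -z "$dir" ]; then dir=.; fi   # empty entry = current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    return 1
}

# shadowed_by_shell NAME: true if NAME is an alias or function in this shell.
# Source the file into the interactive shell for this check to see its aliases.
shadowed_by_shell() {
    case $(command -V "$1" 2>/dev/null) in
        *alias*|*function*) return 0 ;;
    esac
    return 1
}

# check_cmd NAME [PATHSTRING]
# Returns 0 = trusted, 1 = shadowed, 2 = not found.
check_cmd() {
    if shadowed_by_shell "$1"; then
        echo "$1: SHADOWED by alias or function"; return 1
    fi
    hit=$(first_in_path "$1" "${2-$PATH}") || { echo "$1: not found"; return 2; }
    for t in $TRUSTED_DIRS; do
        if [ "${hit%/*}" = "$t" ]; then echo "$1: ok ($hit)"; return 0; fi
    done
    echo "$1: SHADOWED by $hit"
    return 1
}

# Report on the two commands discussed in the thread.
for c in su sudo; do check_cmd "$c" || true; done
```

This covers only the alias and PATH cases; it does not detect a replaced login shell or a fake login prompt, the other two cases raised in the thread.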



