
Re: shared root account



On Mon, Jul 09, 2001 at 04:18:10PM -0800, Ethan Benson wrote:
> On Mon, Jul 09, 2001 at 09:33:12AM -0400, Jason Healy wrote:
> > machine.  The machine was locked in the server room, so the only
> > people who could get to the root password (and the console) were the
> > people with keys.  If you needed to boot to single-user, you'd rip
> 
> which in most places includes janitors and low paid rent-a-cops.  

Give me physical access and I don't need your root password, though it may
help make the job less detectable.  But you don't get more security than you
physically have to begin with.

> nice way to root a box without being detected, just bring along a new
> envelope and nobody will be the wiser.

Except the admin who put that password into the envelope.  That was one
thing that seemed off in the original description, but maybe the process
was just glossed over and the new password really is somehow installed and
put on paper and into the envelope without any way for the admin who used
the old one to find out what it is.  Color me dubious, though.

-- 
Neither can his mind be in tune, whose words do jarre,
nor his reason in frame, whose sentence is preposterous.  -- Ben Jonson


