
Re: PermitRootLogin enabled by default



hi all

if an attacker got in ... as a user .... game over... they got in ???
	- question is what damage can they do as "user" ...

if an attacker gets in the same way as root...  game is really over...
as they now have complete control of your machine..
	- i prefer to disallow root logins... 

( assumption in the above is that they can get in thru an existing
( vulnerability .. either as root or a user ..
 
-- patch the original vulnerability .... fix it first ...
	worry about the "follow-me around folks" later ...
	( like those in the van outside your home/office listening
	( to the wireless connections...

c ya
alvin


On Wed, 26 Jun 2002, John Galt wrote:

> 
> That's how monkey.org got taken over--they SCREENed a su, and the attacker 
> reattached it after getting as user via EPIC...
> 
> On 26 Jun 2002, Christian Egli wrote:
> 
> >
> >Simon Kirby <sim@netnation.com> writes:
> >
> >> Using "su root" later is worse than just logging in as root with a key.
> >
> >I cannot understand why using "su root" later would be worse. Can you
> >enlighten me?
> >

