
Re: Security patches



On Sat, 2003-11-29 at 04:05, Martin Pitt wrote:

> - It needs an extra account ("security officer" with UID 400) which is
>   a pretty bad idea IMHO. Since once you are SO (cracked/sniffed
>   password etc.), you can alter anything which seems like a giant
>   security risk to me.

If the password to any account that can become an administrator is
cracked, you're generally screwed regardless of what access control
framework you use (at least if the password is your only method of
authentication).

I gather grsec's admin password can be different from the user
account's?  Even so, someone who's cracked your account could install a
trojaned shell in your ~/bin or something, and sniff your admin
password.
