[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security patches

On Sat, 2003-11-29 at 04:05, Martin Pitt wrote:

> - It needs an extra account ("security officer" with UID 400) which is
>   a pretty bad idea IMHO. Since once you are SO (cracked/sniffed
>   password etc.), you can alter anything which seems like a giant
>   security risk to me.

If the password to any account that can become an administrator is
cracked, you're generally screwed regardless of what access control
framework you use (at least if the password is your only method of

I gather grsec's admin password can be different from the user
account's?  Even so, someone who's cracked your account could install a
trojaned shell in your ~/bin or something, and sniff your admin

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: