person playing wesnoth as root

To: debian-user@lists.debian.org
Subject: person playing wesnoth as root
From: "Douglas A. Tutty" <dtutty@porchlight.ca>
Date: Thu, 6 Dec 2007 09:56:59 -0500
Message-id: <[🔎] 20071206145659.GB6224@titan.hooton>
Mail-followup-to: debian-user@lists.debian.org

I don't have previous threads stored on my box, so I can't link this
into the right thread.

There was a thread in the last few days from someone who felt that they
need to run the westnoth game as root to access some kind of
framebuffer.

As a concrete example of why this should be avoided, I note today's
security announcement on the game that there is a bug which allows an
attacker to read any file to which the user running the game has access.

Some attacker could have read the shadow-password file (heh, the whole
/etc), crack all the passwords, and just be waiting for ssh to open port
22.  Pubkey wouldn't help since they'd also have read your ~/.ssh/

Doug.

Reply to:

Follow-Ups:
- Re: person playing wesnoth as root
  - From: Michael Pobega <pobega@gmail.com>

Prev by Date: Re: bash color aliases
Next by Date: Re: person playing wesnoth as root
Previous by thread: Re: Where are lenny weekly build CD ISOs?
Next by thread: Re: person playing wesnoth as root
Index(es):
- Date
- Thread