
Re: Scary article in Wall Street Journal today



On Thu,18.Feb.10, 16:04:09, John Hasler wrote:
 
> You could, in theory, be tricked into downloading a Linux executable,
> installing it under your home directory, and running it.  It would then
> have access to all of your personal files.

If the compromised account is the same account used to su/sudo to root 
it would be quite easy to get the root password.

Just imagine a script that presents a "Password:" prompt, records the 
root password, presents a nice "su: Authentication failure" and then 
calls the real su.

Getting you to run it could be as simple as changing $PATH to include 
"."  (the current directory).

If you are really paranoid you should probably have a separate (user) 
account for doing administrative tasks.

I'm not sure if logging in as root on the Linux console is more secure 
than su/sudo, but it would at least prevent the simple type of attack I 
mentioned above.

Regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
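
A defensive check for the `$PATH` condition described in the message above, added as an example and not part of the original post: it flags empty and relative entries (including `.`) and, as an assumption of this example about what counts as risky, directories the current non-root account can write to. The function name `audit_path` and the `/constructed/...` paths in any sample input are made up for this example.

```shell
#!/bin/sh
# Added example: flag $PATH entries that could let a planted "su" be found
# before the real one. Pass the PATH string to check as the first argument.

audit_path() {
    ap_rest="$1:"        # trailing ":" keeps a final empty entry visible
    ap_risky=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}     # text up to the first ":"
        ap_rest=${ap_rest#*:}       # everything after that ":"
        ap_reason=
        case $ap_entry in
            '')  ap_reason='empty entry, searched as the current directory' ;;
            /*)  # Absolute: flagged only if this unprivileged account can write to it
                 # (assumption of this example; root is skipped because -w is always true).
                 if [ -d "$ap_entry" ] && [ -w "$ap_entry" ] && [ "$(id -u)" -ne 0 ]; then
                     ap_reason='directory writable by this account'
                 fi ;;
            *)   ap_reason='relative entry, resolved against the current directory' ;;
        esac
        if [ -n "$ap_reason" ]; then
            printf '%s\t%s\n' "$ap_reason" "$ap_entry"
            ap_risky=$((ap_risky + 1))
        fi
    done
    [ "$ap_risky" -eq 0 ]    # exit status 0 only when nothing was flagged
}

# Check the PATH of the shell this is run from.
audit_path "${PATH-}" ||
    echo 'Review the entries above before typing a password at an su or sudo prompt.' >&2
```

A clean result only describes the PATH string that was passed in: a process running as the account can also change shell startup files, aliases and functions, which this check does not inspect.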
