[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] root login on RaQ3

Subject: Re: [cobalt-users] root login on RaQ3
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Sat Mar 11 10:58:59 2000

At 01:46 PM 3/11/00 -0500, you wrote:

I never said it wasn't a security risk...  I should have said that it is a
MAJOR security risk to allow direct root logins.

...<stuff snipped out of middle>...
<crawling back into my hole now>


Actually I think your response to me quite reasonable.

Here's the skinny:

Since everyone knows every user box has a "root" account, if "root"accounts were available through telnet, anyone could do a dictionary attackon every server running telnet. As is, without root access, in order to doa dictionary attack, the attacker needs to know at least one loginname. Since everyone does for Cobalt boxes <admin>, you don't gain anysecurity if you've got Cobalt boxes, and let everyone know it.

One way to get some additional security would be to have a program runningsuid that would let you go into su, reading the password from a -r--------file. Of course this only works if the name of the program is so obscure,and the file is hidden as well, that no one could ever guess it's name.

All bets are off if someone's sniffiing you, though; then they seeeverything you type <frown>.


Jeff

--
Jeff Lasman <jblists@xxxxxxxxxxxxx>

Follow-Ups:
- Re: [cobalt-users] root login on RaQ3
  - From: Joe D
- Re: [cobalt-users] root login on RaQ3
  - From: Dennis

References:
- [cobalt-users] root login on RaQ3
  - From: Tim Storm
- Re: [cobalt-users] root login on RaQ3
  - From: Jeff Lasman
- Re: [cobalt-users] root login on RaQ3
  - From: Brian Curtis

Prev by Date: RE: [cobalt-users] Sendmail Relaying Problems
Next by Date: Re: [cobalt-users] root login on RaQ3
Previous by thread: Re: [cobalt-users] root login on RaQ3
Next by thread: Re: [cobalt-users] root login on RaQ3

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index