Re: Ethereal in the Background
- Subject: Re: Ethereal in the Background
- From: email@hidden (Randal L. Schwartz)
- Date: 14 Apr 2006 07:45:00 -0700
>>>>> "Randal" == Randal L Schwartz <email@hidden> writes:
Randal> Just enable sudo without a password. Unless you've configured your
Randal> openfirmware to require a password on boot and disable single user mode, your
Randal> machine is vulnerable to reboot with command-S, so permitting sudo without a
Randal> password is not an additional risk. In other words, you'll always be counting
Randal> on physical access security anyway.
I should qualify this by saying that "sudo without a password" is not an
*additional* security risk if you permit a command-S boot *and* you *don't*
permit remote access (anything in the sharing menu other than internet
sharing).

If you permit remote logins or file transfers, someone *without* physical
access might get into your system as you, and then sudo-without-a-password is
indeed a viable vector to root access.

Because there's no need to permit me (or others) to get onto my box, I have
these all turned off, but forgot that this is correlated to the
sudo-without-password vector.

Wouldn't want them to take away my security badge. :)
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<email@hidden> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
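
The correlation described in the message above, as an added audit example that is not part of the original post: passwordless sudo rules are classified by whether any remote-access service is enabled. The function names, the `<service> on|off` list format and the service names are assumptions made for this sketch, and the sample files are constructed.

```shell
#!/bin/sh
# Print sudoers rules that skip the password prompt (NOPASSWD tag or
# "Defaults !authenticate"). Comments are dropped, "\" continuations joined.
passwordless_rules() {
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { line = buf $0; buf = "" }
        line ~ /^[ \t]*#/ { next }
        line ~ /NOPASSWD[ \t]*:/ || line ~ /^[ \t]*Defaults.*!authenticate/ { print line }
    ' "$1"
}

# Print enabled services that let someone in without physical access.
# Assumed format: "<service> on|off" per line; internet sharing is excluded.
remote_services() {
    awk '$2 == "on" && $1 != "internet-sharing" { print $1 }' "$1"
}

# Classify a host: none | physical-only | remote-to-root
sudo_exposure() {
    rules=$(passwordless_rules "$1")
    remote=$(remote_services "$2")
    if [ -z "$rules" ]; then echo "none"
    elif [ -z "$remote" ]; then echo "physical-only"
    else echo "remote-to-root"
    fi
}

# Constructed sample inputs (not taken from any real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/sudoers" <<'EOF'
# constructed sudoers fragment
root    ALL=(ALL) ALL
%admin  ALL=(ALL) \
        NOPASSWD: ALL
EOF
printf 'remote-login off\nfile-sharing off\ninternet-sharing on\n' > "$tmp/closed"
printf 'remote-login on\nfile-sharing off\ninternet-sharing on\n'  > "$tmp/open"

echo "sharing off:     $(sudo_exposure "$tmp/sudoers" "$tmp/closed")"
echo "remote login on: $(sudo_exposure "$tmp/sudoers" "$tmp/open")"
```

`physical-only` is the case the message calls no additional risk; `remote-to-root` is the case where a remote login as the user leads straight to root.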