On Tue, 31 Oct 2000, William T Wilson wrote: > On 31 Oct 2000, Hubert Chan wrote: > > > My sudoers file is basically just > > hubert ALL=(ALL) ALL > > This can be extremely convenient. But it also makes the security of the > whole system equal to the security of your user account. > > If you are worried about security, and you have a situation like this, you > have to take as much care with your personal account as you would with > root. So you must never type passwords unencrypted over the network, > leave yourself logged in, etc. unless you are sure that the situation is > secure.
You should behave in this manner anyway. A compromised user account is destined to become a compromised root account. There are too many local root exploits to ignore the danger. Damian Menscher -- --==## Grad. student & Sys. Admin. @ U. Illinois at Urbana-Champaign ##==-- --==## <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==-- --==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--
