On Wed, 22 May 2002 14:40:15 -0700
"Vineet Kumar" <[EMAIL PROTECTED]> wrote:
> * Michael D. Schleif ([EMAIL PROTECTED]) [020521 12:10]:
> > Here's my lack of understanding:
> >
> > [a] ssh [EMAIL PROTECTED] requires cracking only one (1) string:
> > [1] root's password
> >
> > [b] ssh [EMAIL
Vineet Kumar wrote:
>
> * Michael D. Schleif ([EMAIL PROTECTED]) [020521 12:10]:
> > Here's my lack of understanding:
> >
> > [a] ssh [EMAIL PROTECTED] requires cracking only one (1) string:
> > [1] root's password
> >
> > [b] ssh [EMAIL PROTECTED] requires cracking three (3) separate
> > str
* Michael D. Schleif ([EMAIL PROTECTED]) [020521 12:10]:
> Here's my lack of understanding:
>
> [a] ssh [EMAIL PROTECTED] requires cracking only one (1) string:
> [1] root's password
>
> [b] ssh [EMAIL PROTECTED] requires cracking three (3) separate
> strings:
> [1] mortal_user's username
On Tue, 21 May 2002 20:50:57 +0100
"Colin Watson" <[EMAIL PROTECTED]> wrote:
> Somebody who's allowed to run processes as you can, e.g., hijack your X
> display and install a keystroke logger.
Correct. However, this is still an extra step for the would-be cracker.
Security is all about layering
On Tue, May 21, 2002 at 01:55:24PM -0500, Dave Sherohman wrote:
> On Tue, May 21, 2002 at 07:44:10PM +0100, Colin Watson wrote:
> > Do you check for processes running under your uid every time you run su?
>
> There's (obviously) something I'm still missing here... Why is that
> relevant?
Somebod
On Tue, May 21, 2002 at 01:55:24PM -0500, Dave Sherohman wrote:
> On Tue, May 21, 2002 at 07:44:10PM +0100, Colin Watson wrote:
> > Do you check for processes running under your uid every time you run su?
>
> There's (obviously) something I'm still missing here... Why is that
> relevant? su only
Colin Watson wrote:
>
> On Mon, May 20, 2002 at 01:37:49PM -0500, Jamin W. Collins wrote:
> > On Mon, 20 May 2002 19:01:50 +0100
> > "Colin Watson" <[EMAIL PROTECTED]> wrote:
> > > Not in woody and sid, at least. See the paragraphs in
> > > /usr/share/doc/ssh/README.Debian headed "PermitRootLogin
On Tue, May 21, 2002 at 08:54:15PM +0200, Hans Ekbrand wrote:
> On Tue, May 21, 2002 at 07:44:10PM +0100, Colin Watson wrote:
> > > How so? Regularly sudo'ing, sure, since that uses the user's password
> > > as a (hopefully limited) root password.
>
> On the contrary, since sudo'ing does not req
On Tue, May 21, 2002 at 07:44:10PM +0100, Colin Watson wrote:
> Do you check for processes running under your uid every time you run su?
There's (obviously) something I'm still missing here... Why is that
relevant? su only raises the privileges of a single session, as can
be readily observed by
On Tue, May 21, 2002 at 07:44:10PM +0100, Colin Watson wrote:
> On Tue, May 21, 2002 at 01:23:20PM -0500, Dave Sherohman wrote:
> > On Mon, May 20, 2002 at 08:26:11PM +0100, Colin Watson wrote:
> > > Like the document says, regularly su'ing to root from an account makes
> > > compromising that acco
On Tue, May 21, 2002 at 01:23:20PM -0500, Dave Sherohman wrote:
> On Mon, May 20, 2002 at 08:26:11PM +0100, Colin Watson wrote:
> > Like the document says, regularly su'ing to root from an account makes
> > compromising that account essentially equivalent to compromising root
> > anyway.
>
> How s
On Mon, May 20, 2002 at 08:26:11PM +0100, Colin Watson wrote:
> Like the document says, regularly su'ing to root from an account makes
> compromising that account essentially equivalent to compromising root
> anyway.
How so? Regularly sudo'ing, sure, since that uses the user's password
as a (hope
On Mon, 2002-05-20 at 15:37, Jamin W.Collins wrote:
> On Mon, 20 May 2002 20:26:11 +0100
> "Colin Watson" <[EMAIL PROTECTED]> wrote:
>
> > Like the document says, regularly su'ing to root from an account makes
> > compromising that account essentially equivalent to compromising root
> > anyway. I
On Mon, 20 May 2002 20:26:11 +0100
"Colin Watson" <[EMAIL PROTECTED]> wrote:
> Like the document says, regularly su'ing to root from an account makes
> compromising that account essentially equivalent to compromising root
> anyway. I don't see a problem with the default configuration, and nor do
>
On Mon, May 20, 2002 at 01:37:49PM -0500, Jamin W. Collins wrote:
> On Mon, 20 May 2002 19:01:50 +0100
> "Colin Watson" <[EMAIL PROTECTED]> wrote:
> > Not in woody and sid, at least. See the paragraphs in
> > /usr/share/doc/ssh/README.Debian headed "PermitRootLogin set to yes".
>
> Man, talk about
On Mon, 20 May 2002 19:01:50 +0100
"Colin Watson" <[EMAIL PROTECTED]> wrote:
> On Mon, May 20, 2002 at 12:37:28PM -0500, Dave Sherohman wrote:
> > ...unless you're on a system which is configured to disallow remote
> > root logins via ssh. (Such as, say, the default Debian
> > configuration.)
>
16 matches