Date: Wed, 11 Mar 1998 21:43:13 -0800 (PST) From: Sean Harding <sharding@ophelia.uoregon.edu> To: Doug White <dwhite@resnet.uoregon.edu> Cc: Leif Neland <leifn@image.dk>, freebsd-questions@FreeBSD.ORG Subject: Re: How do you assign the ROOT user to be able to access via TELNET? Message-ID: <Pine.BSF.3.96.980311213530.4119I-100000@ophelia.uoregon.edu> In-Reply-To: <Pine.BSF.3.96.980311212210.16485Y-100000@gdi.uoregon.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 11 Mar 1998, Doug White wrote: > On 11 Mar 1998, Leif Neland wrote: > > Why, really? > > > > What's the difference between getting the rootpassword sniffed at > > login, and when su'ing? Other than the sniffer probably need to snif both your There are also issues beyond sniffing. If someone compromises your root password in any way, and is able to access via the internet without going through a user account first, it is that much easier. Also, suing creates a log entry of who sued when (obviously this could be easily removed from the logs unless you have some form of secure logging going on). It's basically a matter of every little bit helps. There are no good reasons to allow it and plenty of good reasons not to allow it. Sean -- "Believe me, the truth is we're not honest. Not the people that we dream." --10,000 Maniacs, "Eden" Sean Harding, sharding@oregon.uoregon.edu http://gladstone.uoregon.edu/~sharding/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980311213530.4119I-100000>