Date: Thu, 12 Mar 1998 08:40:58 -0800 (PST)
From: Brian Beattie <Brian_Beattie@Atlas.com>
To: Leif Neland <leifn@image.dk>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: How do you assign the ROOT user to be able to access via TELNET?
Message-ID: <Pine.BSF.3.96.980312082956.316A-100000@coyote.prepaid.atlas.com>
In-Reply-To: <634_9803120015@swimsuit.swimsuit.roskildebc.dk>

On 11 Mar 1998, Leif Neland wrote:

> At 11 Mar 98 10:28:26 Greg Lehey wrote regarding Re: How do you assign the ROOT
> user to be able to access via TELNET?
>
> GL> You log in as yourself, and then use su to become root. All
> GL> else is such an enormous security hole that you don't even want
> GL> to think about it.
>
> Why, really?
>
> What's the difference between getting the rootpassword sniffed at
> login, and when su'ing? Other than the sniffer probably needs to sniff both your
> normal password, and the rootpassword, if he doesn't have one himself and is
> in group wheel.
>

There are a number of reasons for not logging in as root. I'm not sure any
single one is compelling. Protection from sniffing is not one of them. One
is that it then requires the hacker to guess/steal two passwords. Another is
that it provides a better trail to determine who made changes to the system
if the fault was unintentional, or you have secure logs. A final one is that
it encourages using "least privilege", i.e. using the least amount of "force"
required to get the job done. I'm sure I could come up with others, but the
bottom line is that it is good practice for various reasons.

Note that if I can sniff packets from your network, and passwords are in the
clear, I very likely have complete access to every host on that network.

Brian Beattie
Atlas PrePaid Services
Brian_Beattie@atlas.com
503.228.1400x4355