From owner-freebsd-questions@FreeBSD.ORG  Fri May 29 08:31:24 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C8B9C106566B
	for <freebsd-questions@freebsd.org>;
	Fri, 29 May 2009 08:31:24 +0000 (UTC)
	(envelope-from perryh@pluto.rain.com)
Received: from agora.rdrop.com (unknown [IPv6:2607:f678:1010::34])
	by mx1.freebsd.org (Postfix) with ESMTP id 9DA298FC18
	for <freebsd-questions@freebsd.org>;
	Fri, 29 May 2009 08:31:24 +0000 (UTC)
	(envelope-from perryh@pluto.rain.com)
Received: from agora.rdrop.com (66@localhost [127.0.0.1])
	by agora.rdrop.com (8.13.1/8.12.7) with ESMTP id n4T8VNp1011014
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Fri, 29 May 2009 01:31:24 -0700 (PDT)
	(envelope-from perryh@pluto.rain.com)
Received: (from uucp@localhost)
	by agora.rdrop.com (8.13.1/8.12.9/Submit) with UUCP id n4T8VNkZ011013; 
	Fri, 29 May 2009 01:31:23 -0700 (PDT)
Received: from fbsd61 by pluto.rain.com (4.1/SMI-4.1-pluto-M2060407)
	id AA06448; Fri, 29 May 09 01:30:33 PDT
Date: Fri, 29 May 2009 01:29:43 -0700
From: perryh@pluto.rain.com
To: wojtek@wojtek.tensor.gdynia.pl
Message-Id: <4a1f9cf7.UEl7lAiK4FGe5eG7%perryh@pluto.rain.com>
References: <200905281030.n4SAUXdA046386@banyan.cs.ait.ac.th>
	<200905280847.12966.kirk@strauser.com>
	<alpine.BSF.2.00.0905281553001.60364@wojtek.tensor.gdynia.pl>
	<200905280904.44025.kirk@strauser.com>
	<20090528183801.82b36bbb.freebsd@edvax.de>
	<alpine.BSF.2.00.0905282129560.61809@wojtek.tensor.gdynia.pl>
In-Reply-To: <alpine.BSF.2.00.0905282129560.61809@wojtek.tensor.gdynia.pl>
User-Agent: nail 11.25 7/29/05
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: Remotely edit user disk quota
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 May 2009 08:31:25 -0000

Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> wrote:

> Even 15 seconds of thinking is enough to understand that logging
> to other user and then su - gives completely no extra security.

I don't buy this, given that root's login name is well known :)

If a system accepts remote root logins, an attacker need only guess
or intercept one thing -- the root password -- to log in with root
privileges.  If it does not accept remote root logins, that attacker
must guess or intercept three things:  the login name of a user in
the wheel group, that user's password, and also the root password.