From owner-freebsd-security  Mon Nov 16 10:48:59 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA15050
          for freebsd-security-outgoing; Mon, 16 Nov 1998 10:48:59 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id KAA15012
          for <freebsd-security@freebsd.org>; Mon, 16 Nov 1998 10:48:51 -0800 (PST)
          (envelope-from imp@village.org)
Received: from harmony [10.0.0.6] 
	by rover.village.org with esmtp (Exim 1.71 #1)
	id 0zfThH-0001lo-00; Mon, 16 Nov 1998 11:48:23 -0700
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.1/8.8.3) with ESMTP id LAA05123; Mon, 16 Nov 1998 11:47:45 -0700 (MST)
Message-Id: <199811161847.LAA05123@harmony.village.org>
To: Thomas Valentino Crimi <tcrimi+@andrew.cmu.edu>
Subject: Re: Would this make FreeBSD more secure? 
Cc: Terry Lambert <tlambert@primenet.com>, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Mon, 16 Nov 1998 11:06:56 EST."
		<0qI4qUS00YUq09JbU0@andrew.cmu.edu> 
References: <0qI4qUS00YUq09JbU0@andrew.cmu.edu>  <199811151758.JAA15108@apollo.backplane.com> <199811152257.PAA02868@usr05.primenet.com> <19981116073914.F969@internal> 
Date: Mon, 16 Nov 1998 11:47:44 -0700
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <0qI4qUS00YUq09JbU0@andrew.cmu.edu> Thomas Valentino Crimi writes:
:   Let's not forget that without cracking the password of a 'wheel'
: member, su is still not going to let them in.  If you have no wheel
: members (ie, you only allow root access from console) all the password
: cracking in the world isn't going to give them root.  (of course, with a
: whole lot password cracking they'll have the password to every account
: on your box).

Unless you have something like sudo installed on your machine.  Then
all you need to do is crack one account to have root.  However, if you
don't have non-ssh logins enabled (and require that ssh logins come
from keys rather than just the password in the password file), then
you might be safe.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message