Date:      Thu, 3 Feb 2005 14:43:39 +0100
From:      Gert Cuykens <gert.cuykens@gmail.com>
To:        Ted Mittelstaedt <tedm@toybox.placo.com>
Cc:        Chris Hodgins <chodgins@cis.strath.ac.uk>
Subject:   Re: xhost +localhost
Message-ID:  <ef60af0905020305433c03cc4c@mail.gmail.com>
In-Reply-To: <LOBBIFDAGNMAMLGJJCKNEEDHFAAA.tedm@toybox.placo.com>
References:  <ef60af0905020218193eea1fc9@mail.gmail.com> <LOBBIFDAGNMAMLGJJCKNEEDHFAAA.tedm@toybox.placo.com>

On Thu, 3 Feb 2005 00:32:23 -0800, Ted Mittelstaedt
<tedm@toybox.placo.com> wrote:
> > > Don't want to be rude but do you have a specific reason for running
> > > xscreensaver as root?
> > >
> > > Chris
> >
> > Well, the reason is very simple actually. Let's pretend we have a user
> > gert. User gert has a lot of pictures and music stuff, phone numbers;
> > user gert doesn't want those things to be gone. Somebody hacks user gert
> > because user gert uses a screensaver. And the hacker deletes all
> > files. User gert is not happy because he lost everything. Do you think
> > user gert gives a chit that the system was untouched because the
> > hacker did not have root permission?
> >
> > For me it's wrong to think user accounts are not important, because they
> > are for the average Windows XP single user. They don't care about virus
> > infections on their system, reinstalling everything; they care about
> > their files.  So if a screensaver is a security risk as root it doesn't mean
> > it's not a security risk for a user account. The only difference
> > between a root and user should be that users can not read or mess with
> > other users' files. The security should be EXACTLY the same. So if root
> > can not run a screensaver then the users can also not run a
> > screensaver.
> 
> While all of this is very interesting academically, if user Gert is dumb
> enough to leave the console of his UNIX system accessible then user
> Ted can come along and power cycle it into single user mode and wipe his
> disks whether he has the root password or not.
> 
> Or, are you assuming that the 'bios' passwords in the typical PC are
> immune from 60 seconds of CMOS battery removal?
> 
> Ted

Can a non-root user shut down a PC? PS: does your PC have a power cable? :)


