On Fri, 2003-11-07 at 09:10, J. Bruce Fields wrote:
> On Fri, Nov 07, 2003 at 08:19:00AM -0600, Ron Johnson wrote:
> > On Fri, 2003-11-07 at 07:55, J. Bruce Fields wrote:
> > > Why not? They already have physical access to the machine, what more
> > > would you give up to them by telling them the root password? For a home
> > > computer, I don't see much reason not to just stick the root password on
> > > a post-it note on the monitor.... You already trust anyone that's in a
> > > position to see it.
> >
> > And if a not-so-trustworthy "friend" or acquaintance wanders by,
> > he can destroy you.
>
> Sure. And the attack (memorize the password, go home, ssh in and do the
> dirty deed) is usually going to be easier than the attack without the
> password (remove the drive, do something with it, put it back in; or, if
> the BIOS is unprotected, just boot to your own floppy/cd). But I'd
> still argue that in a lot of situations the root-password-on-the-monitor
> is a pretty reasonable risk.

You're making the social engineer's job soooo easy.

> > The all-privilege sudo is the best idea, since the actions are
> > audited.
>
> Though note that the auditing is there to keep the honest honest--surely
> the audit trail isn't truly secure against a user with "all-privilege
> sudo".

But if the roommate doesn't know about it....

--
-----------------------------------------------------------------
Ron Johnson, Jr. [EMAIL PROTECTED]
Jefferson, LA USA

"Millions of Chinese speak Chinese, and it's not hereditary..."
Dr. Dean Edell