Wojciech Puchar <[email protected]> wrote: > Even 15 seconds of thinking is enough to understand that logging > to other user and then su - gives completely no extra security.
I don't buy this, given that root's login name is well known :) If a system accepts remote root logins, an attacker need only guess or intercept one thing -- the root password -- to log in with root privileges. If it does not accept remote root logins, that attacker must guess or intercept three things: the login name of a user in the wheel group, that user's password, and also the root password. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[email protected]"
