On Thu, 3 Feb 2005 00:32:23 -0800, Ted Mittelstaedt <[EMAIL PROTECTED]> wrote: > > > Don't want to be rude but do you have a specific reason for running > > > xscreensaver as root? > > > > > > Chris > > > > Well the reason is very simple actuale lets pretend we have a user > > gert. User gert has alot of pictures and music stuff phone numbers > > user gert dont want does things to be gone. Somebody hacks user gert > > because user gert uses a screensaver. And the hacker deletes all > > files. User gert is not happy because he lost everything. Do you think > > user gert gives a chit that the system was untouched because the > > hacker did not had root permission ? > > > > For me its wrong to think user accounts are not importend because they > > do for the average window xp single user. They dont care about viruses > > infection on there system reinstalling everything they care about > > there files. So if sreensaver is a securty risc as root i doesnt mean > > its not a security risck for a user account. The only differens > > between a root and user should be that users can not read or mess with > > other users files. The security sould be EXACTLY the same. So if root > > can not run a screensaver then the users can also not run a > > screensaver. > > While all of this is very interesting academic, if user Gert is dumb > enough to leave the console of his UNIX system accessible then user > Ted can come along and power cycle it into single user mode and wipe his > disks whether he has the root password or not. > > Or, are you assuming that the 'bios' passwords in the typical PC are > immune from 60 seconds of CMOS battery removal? > > Ted
Can a non root user shutdown a pc ? PS does your pc have a power cable :) _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
