On Thu, 2 Sep 2010, James Mckenzie wrote: > However, this portion of the thread is the first case where I could actually > state that this could be a MAJOR security hazard. Let's expand this: > > 1. An account with a weak password gets compromised. > 2. This account has a file added (either FTP/SFTP upload or a malicious > script is written). > 3. The ownership of this file is changed to a user with elevated privileges, > but not root.
This could be prevented by requiring notquiteroot's password. As an additonal layer, it might be good to require notquiteroot to make prior arrangements. > It is rather interesting, but if this is prevented, then the file remains > just a space waster... > > This is one of the functions of a good security system. -- Michael henne...@web.cs.ndsu.nodak.edu "Pessimist: The glass is half empty. Optimist: The glass is half full. Engineer: The glass is twice as big as it needs to be." -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
