Yo Frank!

On Fri, 20 May 2016 19:33:26 -0400
Frank Nicholas <fr...@nicholasfamilycentral.com> wrote:

> Even if a root password has not been set, if the user is in
> “/etc/sudoers”, the user can change to root with `sudo su -`.

sudoers is one of the major dumb mistakes of the last decade. sudo just asks the current user for his current password, the same password that he logged in with and just got sniffed. So any simple dictionary attack that just cracked your account also just got root.

One important misunderstood part of su is that it asks you for the root password, which should be different than the user password. Poor man's two factor authentication.

I could rant on sudo for hours, but I'll pause now...

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
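
As an added example (not part of the original message or of any project's code), the following audit sketch reports which secret each sudoers entry demands before granting full root: the user's own password, a separate one, or none. The sample sudoers text and the `root_credential` helper are constructed for illustration; `rootpw`, `targetpw` and `runaspw` are existing sudoers `Defaults` flags, and the parser assumes simple one-line entries only.

```python
import re

# Constructed sample sudoers content, for illustration only.
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
frank   ALL=(ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) /usr/bin/rsync
"""
# sudoers Defaults flags that make sudo prompt for a password other than
# the invoking user's own.
OTHER_PW_FLAGS = {"rootpw", "targetpw", "runaspw"}
# who  host = (runas) [TAG:] commands
SPEC = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\(([^)]*)\)\s*)?(.*)$")

def root_credential(text):
    """Map each non-root entry granting ALL commands as root to the secret
    sudo asks for: 'own password', 'separate password' or 'none'.
    Assumption: only global Defaults lines and one-line user specs are
    parsed; aliases, includes and continuations are ignored."""
    flags, specs = set(), []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        d = re.match(r"Defaults\s+(.*)", line)
        if d:
            for f in (x.strip() for x in d.group(1).split(",")):
                # "!flag" switches a boolean flag back off
                (flags.discard if f.startswith("!") else flags.add)(f.lstrip("!"))
            continue
        m = SPEC.match(line)
        if m and m.group(1) != "root":
            specs.append(m.groups())
    result = {}
    for who, runas, rest in specs:
        runas_user = (runas or "root").split(":")[0].strip()
        commands = re.sub(r"\b[A-Z_]+:\s*", "", rest).strip()  # drop tags
        if commands != "ALL" or runas_user not in ("ALL", "root"):
            continue  # restricted rule, not reported by this sketch
        result[who] = ("none" if "NOPASSWD:" in rest else
                       "separate password" if flags & OTHER_PW_FLAGS
                       else "own password")
    return result
```
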