Wojciech Puchar <woj...@wojtek.tensor.gdynia.pl> wrote:

> Even 15 seconds of thinking is enough to understand that logging
> to other user and then su - gives completely no extra security.

I don't buy this, given that root's login name is well known :)

If a system accepts remote root logins, an attacker need only guess
or intercept one thing -- the root password -- to log in with root
privileges.  If it does not accept remote root logins, that attacker
must guess or intercept three things:  the login name of a user in
the wheel group, that user's password, and also the root password.
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to