Wojciech Puchar <woj...@wojtek.tensor.gdynia.pl> wrote:
> Even 15 seconds of thinking is enough to understand that logging
> to other user and then su - gives completely no extra security.
I don't buy this, given that root's login name is well known :)
If a system accepts remote root logins, an attacker need only guess
or intercept one thing -- the root password -- to log in with root
privileges. If it does not accept remote root logins, that attacker
must guess or intercept three things: the login name of a user in
the wheel group, that user's password, and also the root password.
email@example.com mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"