2009/5/29 Wojciech Puchar <woj...@wojtek.tensor.gdynia.pl>:
>> Wojciech Puchar <woj...@wojtek.tensor.gdynia.pl> wrote:
>>> Even 15 seconds of thinking is enough to understand that logging
>>> to other user and then su - gives completely no extra security.
>> I don't buy this, given that root's login name is well known :)
> if someone can intercept the passwords you type, then he/she will intercept
> both user password you log in and then su password you type.
> He/she actually can gain more if you use su, as you may use the same user
> password somewhere else.

But we're talking about vulnerability to dictionary and brute-force
attacks. You'd have to first:

Ascertain a username in the wheel group.

Brute-force that password.

THEN, you need to brute-force root's password.


A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in a mailing list?
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to