The way I see it, users shouldn't be able to use sudo system wide à la Ubuntu. Having a customized sudoers config would be highly recommended. There isn't that much tasks a user would want to do as root, aside from applying updates. And I would configure it password-less too. That way if a simple user gets compromised by some script on a webpage, script can't sniff the user's password.
As for doing root tasks, the best practice would be to alt-f1 for example. Anything done in a real TTY can't be sniffed as it's outside of X. I did try the simple example given in the link, and it actually sniffed when a key is pressed and when it is released. But it only gives a key number and I just can't find the documentation with the keyboard keys mapping. It's not ascii. Any ideas? On Sat, Apr 30, 2011 at 8:01 PM, Jeremy <[email protected]> wrote: > On 11-04-30 02:39 PM, Leslie S Satenstein wrote: > >> I understood that X was not designed with security in mind. I have this >> question, given a small environment of 3-4 users, all of which are >> locally attached. >> >> Is my use of root, given these users are all local on the system with >> Gnome, a risk if none of the users are hostile? >> >> If someone logs into the system with remote desktop, (not happening >> during the day), is he able to see all the keypresses, as outlined in >> the link I was referred to in the previous emails? >> >> If he/she has to be on the system, and go through the effort to capture >> my Gnome keystrokes, then what is the danger of a breech from remote >> logon (secure telnet via putty)? Just because a danger is possible from >> a local user only, what is the risk to using root under Gnome? Is the >> risk any less with Gnome3 or XFCE? The local user's are doing authoring >> of material and may from time to time, access Google or other search >> engine. >> > > I think it is easiest to say that elevating privileges is a better way to > do handle it. Give the program you want to run root privileges, not the > user. > > If you make a shortcut (application starter) and just put sudo (or gksudo) > before the command it will pop up a password prompt and just that process is > running with root privileges. > > A good trick as well is to use the sudoers file and specify programs users > should be allowed to run, and you can also specify that no password is > needed for certain users on certain programs. > > There just is no good reason to run as root, since all it takes is a sudo > call to get there. Plus no need to log out and log in again as root to do > things. > > I'll let someone else answer whether keystrokes can be captured and so on > ;) > > Jeremy > _______________________________________________ > mlug mailing list > [email protected] > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca >
_______________________________________________ mlug mailing list [email protected] https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
