But my understanding was that we're talking PC here, not server. Right?
On Sat, Apr 30, 2011 at 10:14 PM, Patricia Campbell <[email protected]> wrote:
> IMHO it is dangerous to / you can never assume none of the users are
> hostile; any userid can be an ingress point. Did you read the hbgary story?
>
> http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars
>
> It is easier to bolt the barn door than find the horse...
>
> On Sat, Apr 30, 2011 at 9:44 PM, Yanik Doucet <[email protected]> wrote:
>
>> The way I see it, users shouldn't be able to use sudo system wide à la
>> Ubuntu. Having a customized sudoers config would be highly recommended.
>> There aren't that many tasks a user would want to do as root, aside from
>> applying updates. And I would configure it password-less too. That way if
>> a simple user gets compromised by some script on a webpage, the script can't
>> sniff the user's password.
>>
>> As for doing root tasks, the best practice would be to alt-f1 for example.
>> Anything done in a real TTY can't be sniffed as it's outside of X.
>>
>> I did try the simple example given in the link, and it actually sniffed
>> when a key is pressed and when it is released. But it only gives a key
>> number and I just can't find the documentation with the keyboard keys
>> mapping. It's not ASCII. Any ideas?
>>
>> On Sat, Apr 30, 2011 at 8:01 PM, Jeremy <[email protected]> wrote:
>>
>>> On 11-04-30 02:39 PM, Leslie S Satenstein wrote:
>>>
>>>> I understood that X was not designed with security in mind. I have this
>>>> question, given a small environment of 3-4 users, all of which are
>>>> locally attached.
>>>>
>>>> Is my use of root, given these users are all local on the system with
>>>> Gnome, a risk if none of the users are hostile?
>>>>
>>>> If someone logs into the system with remote desktop, (not happening
>>>> during the day), is he able to see all the keypresses, as outlined in
>>>> the link I was referred to in the previous emails?
>>>>
>>>> If he/she has to be on the system, and go through the effort to capture
>>>> my Gnome keystrokes, then what is the danger of a breach from remote
>>>> logon (secure telnet via putty)? Just because a danger is possible from
>>>> a local user only, what is the risk to using root under Gnome? Is the
>>>> risk any less with Gnome3 or XFCE? The local users are doing authoring
>>>> of material and may from time to time, access Google or other search
>>>> engine.
>>>>
>>>
>>> I think it is easiest to say that elevating privileges is a better way to
>>> handle it. Give the program you want to run root privileges, not the
>>> user.
>>>
>>> If you make a shortcut (application starter) and just put sudo (or
>>> gksudo) before the command it will pop up a password prompt and just that
>>> process is running with root privileges.
>>>
>>> A good trick as well is to use the sudoers file and specify programs
>>> users should be allowed to run, and you can also specify that no password is
>>> needed for certain users on certain programs.
>>>
>>> There just is no good reason to run as root, since all it takes is a sudo
>>> call to get there. Plus no need to log out and log in again as root to do
>>> things.
>>>
>>> I'll let someone else answer whether keystrokes can be captured and so on
>>> ;)
>>>
>>> Jeremy
>>> _______________________________________________
>>> mlug mailing list
>>> [email protected]
>>> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
>
> --
> ___..___........__.......__
> ...|....|__/....|...|......|...|__|
> ...|....|.....\...|...|__..|...|....|
>
> "You must be the change you wish to see in the world." Mohandas K Gandhi
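A sudoers drop-in of the kind recommended in the quoted thread (named commands only, password-less for those commands), as an added example that is not from any of the posters. The file name, the group name "authors" and the Debian/Ubuntu apt-get path are assumptions.

```sudoers
# /etc/sudoers.d/desktop-updates   (hypothetical file name)
# Constructed example. Assumptions: a Debian/Ubuntu desktop where updates
# are applied with /usr/bin/apt-get, and a local group "authors" that
# holds the 3-4 desktop users.

# For contrast, a blanket grant of the kind the thread calls "system wide".
# Anyone in the group can run any command as any user once they type
# their password (left commented out on purpose):
#
#   %authors ALL = (ALL) ALL

# Restricted form: list the exact command lines that are allowed.
# When a sudoers command includes arguments, the arguments the user types
# must match them exactly, so "apt-get install <pkg>" or an added
# "-o <option>" is refused under this rule.
Cmnd_Alias UPDATES = /usr/bin/apt-get update, \
                     /usr/bin/apt-get upgrade

# Members of "authors" may run only UPDATES, only as root, and without a
# password prompt, so no password is typed inside the X session for it.
%authors ALL = (root) NOPASSWD: UPDATES

# Everything else still needs a real root login, for example on a text
# console outside X as suggested in the thread.
```

Check the syntax with `visudo -cf /etc/sudoers.d/desktop-updates` before relying on the file, and use `sudo -l` as one of the users to confirm that only the two update commands are listed.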
