also sprach Adam Warner [EMAIL PROTECTED] [2002.01.20.0245 +0100]:
If the use of switch user has remote security implications I want to
be able to understand them. The same as I want to be able to
understand if leaving a root console open has remote security
implications. Don't worry about
On Mon, 2002-01-21 at 23:40, martin f krafft wrote:
snip
nevertheless, leaving a root console open on a production machine really
just calls for trouble. imagine you are about to head for lunch with a
friend, but you decide to check something in the server room quickly.
while you stare at
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.21.1444 +0100]:
Martin, it's a server in my spare room :-) The only person installing a
backdoor on the server would be an unlawful intruder. Or a cat who can
type ;-) Your points are well taken and I would follow the same security
practices
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, Jan 20, 2002 at 11:04:13AM +1300, Adam Warner wrote:
Hi everyone,
...
The question I have is if I su - username and then browse the web,
etc. is it impossible for a remote user who managed to gain access to
that user session to become
On Tue, 2002-01-22 at 03:11, martin f krafft wrote:
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.21.1444 +0100]:
Martin, it's a server in my spare room :-) The only person installing a
backdoor on the server would be an unlawful intruder. Or a cat who can
type ;-) Your points are
On Tue, 2002-01-22 at 07:41, Federico Grau wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, Jan 20, 2002 at 11:04:13AM +1300, Adam Warner wrote:
Hi everyone,
...
The question I have is if I su - username and then browse the web,
etc. is it impossible for a remote user
martin f krafft wrote:
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.21.1444 +0100]:
Martin, it's a server in my spare room :-) The only person installing a
backdoor on the server would be an unlawful intruder. Or a cat who can
type ;-) Your points are well taken and I would follow the
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.21.2304 +0100]:
as sad as it sounds, unlawful intruders happen. this being a true
story, i have 11 machines in my spare room, and my house was broken
in once. the *only* thing the intruder did was reboot one of the
machines (that was his
also sprach Dave Kline [EMAIL PROTECTED] [2002.01.21.2340 +0100]:
Woah, that does sound a little far-fetched. I am assuming there is a
little more to this story? I would think most *physical* intruders
would try to nab DVD players, valuables, and money, not wander into a
spare room and whip
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.21.2307 +0100]:
Federico, are you saying that if you su - to a user account (from root)
and then start X that you are running X as root? If so that is a major
problem.
no, he actually says that with exec, you should theoretically be more
On Tue, 2002-01-22 at 12:21, martin f krafft wrote:
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.21.2307 +0100]:
Federico, are you saying that if you su - to a user account (from root)
and then start X that you are running X as root? If so that is a major
problem.
no, he actually
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.20.0245 +0100]:
If the use of switch user has remote security implications I want to
be able to understand them. The same as I want to be able to
understand if leaving a root console open has remote security
implications. Don't worry about
On Mon, 2002-01-21 at 23:40, martin f krafft wrote:
snip
nevertheless, leaving a root console open on a production machine really
just calls for trouble. imagine you are about to head for lunch with a
friend, but you decide to check something in the server room quickly.
while you stare at your
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.21.1444 +0100]:
Martin, it's a server in my spare room :-) The only person installing a
backdoor on the server would be an unlawful intruder. Or a cat who can
type ;-) Your points are well taken and I would follow the same security
practices
On Tue, 2002-01-22 at 03:11, martin f krafft wrote:
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.21.1444 +0100]:
Martin, it's a server in my spare room :-) The only person installing a
backdoor on the server would be an unlawful intruder. Or a cat who can
type ;-) Your points are well
On Tue, 2002-01-22 at 07:41, Federico Grau wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, Jan 20, 2002 at 11:04:13AM +1300, Adam Warner wrote:
Hi everyone,
...
The question I have is if I su - username and then browse the web,
etc. is it impossible for a remote user
martin f krafft wrote:
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.21.1444 +0100]:
Martin, it's a server in my spare room :-) The only person installing a
backdoor on the server would be an unlawful intruder. Or a cat who can
type ;-) Your points are well taken and I would follow the
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.21.2304 +0100]:
as sad as it sounds, unlawful intruders happen. this being a true
story, i have 11 machines in my spare room, and my house was broken
in once. the *only* thing the intruder did was reboot one of the
machines (that was his
also sprach Dave Kline [EMAIL PROTECTED] [2002.01.21.2340 +0100]:
Woah, that does sound a little far-fetched. I am assuming there is a
little more to this story? I would think most *physical* intruders
would try to nab DVD players, valuables, and money, not wander into a
spare room and whip
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.21.2307 +0100]:
Federico, are you saying that if you su - to a user account (from root)
and then start X that you are running X as root? If so that is a major
problem.
no, he actually says that with exec, you should theoretically be more
On Tue, 2002-01-22 at 12:21, martin f krafft wrote:
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.21.2307 +0100]:
Federico, are you saying that if you su - to a user account (from root)
and then start X that you are running X as root? If so that is a major
problem.
no, he actually
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.19.2304 +0100]:
Firstly the servers are physically secure and there is no relevant issue
about having a local root console open for administration purposes.
mh. no comment. sure, if physical access would be available, no box is
secure. but
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.19.2304 +0100]:
The question I have is if I su - username and then browse the web,
etc. is it impossible for a remote user who managed to gain access to
that user session to become root by exiting out of the user account?
an addition: your
On Sun, 20 Jan 2002 00:41:48 +0100
martin f krafft [EMAIL PROTECTED] wrote:
ensured it foolish. fourth, it really just sounds bad. fifth, did i
say it sounds bad?
I'd just like to take a quiet moment to second this.
Security is an attitude, not any single set of procedures. It can't be
On Sun, 2002-01-20 at 15:16, Kevin Littlejohn wrote:
On Sun, Jan 20, 2002 at 02:45:53PM +1300, Adam Warner wrote:
Can anyone provide a plausible scenario for how someone might be able to
gain root level access because su - has been used to switch to a user
account. Martin has already
Hi everyone,
I'm just wondering about the safety of this security practice.
Firstly the servers are physically secure and there is no relevant issue
about having a local root console open for administration purposes.
The question I have is if I su - username and then browse the web,
etc. is it
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.19.2304 +0100]:
Firstly the servers are physically secure and there is no relevant issue
about having a local root console open for administration purposes.
mh. no comment. sure, if physical access would be available, no box is
secure. but
On Sun, Jan 20, 2002 at 02:45:53PM +1300, Adam Warner wrote:
Can anyone provide a plausible scenario for how someone might be able to
gain root level access because su - has been used to switch to a user
account. Martin has already answered that your tty session would have to
be stolen. How
On Sun, 2002-01-20 at 15:16, Kevin Littlejohn wrote:
On Sun, Jan 20, 2002 at 02:45:53PM +1300, Adam Warner wrote:
Can anyone provide a plausible scenario for how someone might be able to
gain root level access because su - has been used to switch to a user
account. Martin has already
29 matches