Remotely edit user disk quota
perryh at pluto.rain.com
perryh at pluto.rain.com
Fri May 29 08:31:25 UTC 2009
Wojciech Puchar <wojtek at wojtek.tensor.gdynia.pl> wrote:
> Even 15 seconds of thinking is enough to understand that logging
> to other user and then su - gives completely no extra security.
I don't buy this, given that root's login name is well known :)
If a system accepts remote root logins, an attacker need only guess
or intercept one thing -- the root password -- to log in with root
privileges. If it does not accept remote root logins, that attacker
must guess or intercept three things: the login name of a user in
the wheel group, that user's password, and also the root password.
More information about the freebsd-questions
mailing list