Remotely edit user disk quota

Chris Rees utisoft at googlemail.com
Sat May 30 08:21:09 UTC 2009


2009/5/29 Wojciech Puchar <wojtek at wojtek.tensor.gdynia.pl>:
>> Wojciech Puchar <wojtek at wojtek.tensor.gdynia.pl> wrote:
>>
>>> Even 15 seconds of thinking is enough to understand that logging in
>>> as another user and then su - gives completely no extra security.
>>
>> I don't buy this, given that root's login name is well known :)
>
> If someone can intercept the passwords you type, then he/she will intercept
> both the user password you log in with and then the su password you type.
>
> He/she actually can gain more if you use su, as you may use the same user
> password somewhere else.

But we're talking about vulnerability to dictionary and brute-force
attacks. You'd have to first:

Ascertain a username in the wheel group.

Brute-force that password.

THEN, you need to brute-force root's password.

Chris



-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in a mailing list?


More information about the freebsd-questions mailing list