From owner-freebsd-questions  Wed Mar 11 21:43:29 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA09727
          for freebsd-questions-outgoing; Wed, 11 Mar 1998 21:43:29 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from ophelia.uoregon.edu (sharding@ophelia.uoregon.edu [128.223.194.42])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA09704
          for <freebsd-questions@FreeBSD.ORG>; Wed, 11 Mar 1998 21:43:18 -0800 (PST)
          (envelope-from sharding@ophelia.uoregon.edu)
Received: from localhost (sharding@localhost)
	by ophelia.uoregon.edu (8.8.7/8.8.7) with SMTP id VAA05562;
	Wed, 11 Mar 1998 21:43:13 -0800 (PST)
	(envelope-from sharding@ophelia.uoregon.edu)
Date: Wed, 11 Mar 1998 21:43:13 -0800 (PST)
From: Sean Harding <sharding@ophelia.uoregon.edu>
Reply-To: Sean Harding <sharding@oregon.uoregon.edu>
To: Doug White <dwhite@resnet.uoregon.edu>
cc: Leif Neland <leifn@image.dk>, freebsd-questions@FreeBSD.ORG
Subject: Re: How do you assign the ROOT user to be able to access via TELNET?
In-Reply-To: <Pine.BSF.3.96.980311212210.16485Y-100000@gdi.uoregon.edu>
Message-ID: <Pine.BSF.3.96.980311213530.4119I-100000@ophelia.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 11 Mar 1998, Doug White wrote:

> On 11 Mar 1998, Leif Neland wrote:
> > Why, really?
> > 
> > What's the difference between getting the rootpassword sniffed at
> > login, and when su'ing? Other than the sniffer probably need to snif both your

There are also issues beyond sniffing. If someone compromises your root
password in any way, and is able to access via the internet without going
through a user account first, it is that much easier. Also, suing creates
a log entry of who sued when (obviously this could be easily removed from
the logs unless you have some form of secure logging going on). It's
basically a matter of every little bit helps. There are no good reasons to
allow it and plenty of good reasons not to allow it.

Sean

-- 
"Believe me, the truth is we're not honest. Not the people that we dream."
 --10,000 Maniacs, "Eden"
	Sean Harding, sharding@oregon.uoregon.edu
		http://gladstone.uoregon.edu/~sharding/




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message