Date: Wed, 28 Feb 1996 09:03:14 -0500 (EST)
From: ewb@zygaena.com
To: cschuber@orca.gov.bc.ca, freebsd-security@FreeBSD.org
Subject: Re: Informing users of cracked passwords?
Message-ID: <199602281403.JAA05423@lochsa.i.com>
Cy Schubert wrote:
>If a user trusts an account on another host and that host has been
>hacked, you have to assume your host has been compromised as well.
>You cannot assume otherwise because you have no evidence to the
>contrary. Once a hacker has an account on a system you or your users
>trust, it's just a matter of time before the hacker has root on your
>system.

This is a rather sweeping statement that I don't think is true in general. Certainly if there is root trust via /.rhosts and the hack has root on the trusted system then you're a goner. Otherwise, the hack simply has user level access - which I hope is not a *guarantee* that they can get root. Are you suggesting that root on every un*x (or FreeBSD?) system is inherently compromised by having untrusted users? If so, I hope that you are helping to plug the particular hole(s) that you know of!

--
Will Brown ewb@zygaena.com
Zygaena Network Services http://www.zygaena.com
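The message above separates root trust via /.rhosts from trust that only exposes an ordinary account; an administrator can check which kind a host extends by classifying each account's .rhosts entries. The following Python is an added example, not part of the original e-mail: the function names, severity labels and sample file contents are constructed, and it assumes the usual `host [user]` line format with `+` as a wildcard, a leading `-` as a denial and `#` starting a comment line.

```python
from dataclasses import dataclass

@dataclass
class Trust:
    local_user: str   # account whose .rhosts grants the trust
    host: str         # remote host field ("+" means any host)
    remote_user: str  # remote user field ("" = same name, "+" = any user)
    severity: str     # label assigned by this example, not a standard term

def parse_rhosts(local_user, text):
    """Classify every grant in one account's .rhosts file."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host = fields[0]
        remote_user = fields[1] if len(fields) > 1 else ""
        if host.startswith("-") or remote_user.startswith("-"):
            continue  # a leading '-' denies access rather than granting it
        wildcard = host == "+" or remote_user == "+"
        if local_user == "root":
            # root on the trusted host becomes root on this host
            severity = "root-wildcard" if wildcard else "root-trust"
        else:
            # exposure starts at this one account's privileges
            severity = "user-wildcard" if wildcard else "user-trust"
        findings.append(Trust(local_user, host, remote_user, severity))
    return findings

def audit(files):
    """files maps a local account name to the text of its .rhosts."""
    results = []
    for user, text in files.items():
        results.extend(parse_rhosts(user, text))
    return results

# Constructed sample input: one root grant, one user grant, one wildcard.
SAMPLE = {
    "root": "trusted.example.org\n",
    "alice": "# constructed sample\nshell.example.net alice\n+ +\n"
             "-badhost.example.net\n",
}

if __name__ == "__main__":
    for t in audit(SAMPLE):
        print(f"{t.severity:14} {t.local_user:6} <- "
              f"{t.remote_user or t.local_user}@{t.host}")
```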