Date: Thu, 03 May 2001 15:56:48 -0700 From: "Charles Burns" <burnscharlesn@hotmail.com> To: questions@freebsd.org Subject: OT: FreeBSD Security tip Message-ID: <F21lbpH71yEXUIEAOeI000043df@hotmail.com>
next in thread | raw e-mail | index | archive | help
I have a quick security tip. Not that I am of the calibre of expertise to make any recommendations to most of the people on this list, but this is fairly subtle and may not have been thought of by some. This is also for the FreeBSD newbie admins that may browse this list but not post. If there is a more appropriate place for this, or if it is completely obvious, please flame me and then set your software to ignore future messages from this email address after subscribing me to several hundred of your favorite Spam(R) lists. I have noticed that, with significant frequency, users in the "wheel" group make mistakes when typing in the root password such that all or part of the root password is actually typed onto the command-line rather than into su's input buffer. This happens occasionally when initially logging in as well. To prevent a potential snoop from looking at command logs or scrolling up IF at the local terminal (which is a security problem in and of itself) I set all users logoff scripts to delete their command log and clear the screen. Every little bit helps. :-P _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F21lbpH71yEXUIEAOeI000043df>