Date: Sat, 30 May 2009 09:20:44 +0100 From: Chris Rees <utisoft@googlemail.com> To: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> Cc: perryh@pluto.rain.com, freebsd-questions@freebsd.org Subject: Re: Remotely edit user disk quota Message-ID: <b79ecaef0905300120l79aee6ei126cc1c907494080@mail.gmail.com> In-Reply-To: <alpine.BSF.2.00.0905291249220.10254@wojtek.tensor.gdynia.pl> References: <200905281030.n4SAUXdA046386@banyan.cs.ait.ac.th> <200905280847.12966.kirk@strauser.com> <alpine.BSF.2.00.0905281553001.60364@wojtek.tensor.gdynia.pl> <200905280904.44025.kirk@strauser.com> <20090528183801.82b36bbb.freebsd@edvax.de> <alpine.BSF.2.00.0905282129560.61809@wojtek.tensor.gdynia.pl> <4a1f9cf7.UEl7lAiK4FGe5eG7%perryh@pluto.rain.com> <alpine.BSF.2.00.0905291249220.10254@wojtek.tensor.gdynia.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
2009/5/29 Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>: >> Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> wrote: >> >>> Even 15 seconds of thinking is enough to understand that logging >>> to other user and then su - gives completely no extra security. >> >> I don't buy this, given that root's login name is well known :) > > if someone can intercept the passwords you type, then he/she will intercept > both user password you log in and then su password you type. > > He/she actually can gain more if you use su, as you may use the same user > password somewhere else. But we're talking about vulnerability to dictionary and brute-force attacks. You'd have to first: Ascertain a username in the wheel group. Brute-force that password. THEN, you need to brute-force root's password. Chris -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in a mailing list?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b79ecaef0905300120l79aee6ei126cc1c907494080>