[plug] Interesting command that may make root access more fun ..

Gavin Chester sales at ecosolutions.com.au
Sat May 26 10:53:56 WST 2007


On Sat, 2007-05-26 at 03:38 +0800, Lyndon Maydwell wrote:
> Well I guess what I'm saying is that from a security standpoint, if a
> user has the ability to use 'sudo su' then you must assume that they
> have full access to your system. It will be too late to retract
> privileges from them later. Giving them root access will ensure that
> you're not harboring a false sense of security.
> 
> I do advocate the use of sudo, just not indiscriminate use.

You guys were freaking me out with news of this MASSIVE security
hole :-( Convenience, be damned! I don't want anybody having that level
of privileged access other than 'root'. So, I had to test both methods
and was able to breathe easy:

gavin at linux:~> sudo su -
root's password:
Sorry, try again.
root's password:
Sorry, try again.
root's password:
sudo: 2 incorrect password attempts
gavin at linux:~> sudo -i
root's password:
Sorry, try again.

This is a default install of suse10.1, so bless 'em for looking after
ignorant users like me ;-) Is it just unsafe with debian-based
distros, I wonder ;-)

Gavin




