Draft Stratum 1 Microserver HOWTO is up
Gary E. Miller
gem at rellim.com
Fri May 20 23:56:54 UTC 2016
Yo Frank!
On Fri, 20 May 2016 19:33:26 -0400
Frank Nicholas <frank at nicholasfamilycentral.com> wrote:
> Even if a root password has not been set, if the user is in
> “/etc/sudoers”, the user can change to root with `sudo su -`.
sudoers is one of the major dumb mistakes of the last decade. sudo
just asks the current user for his current password, the same password
that he logged in with and just got sniffed.
So any simple dictionary attack that just cracked your account also just
got root.
One important misunderstood part of su is that it asks you for the root
password, which should be different than the user password. Poor man's
two factor authentication.
I could rant on sudo for hours, but I'll pause now...
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588