Re: Getting ready for CentOS 5.4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Michael A. Peters wrote:
> Christopher Chan wrote:
>
>   
>> start/stop' though from Intrepid onwards I believe. There is no root 
>> account by default.
>>     
>
> There is a root account, you just can't access it w/o setting it's password.
>   
Oh you can. sudo -i. Now go away.
> And as soon as you do set it's password, I highly recommend you then 
> completely disable and lock down the very insecure sudo defaults.
>   
And pick up the pieces. You do know that certain services are tightly 
tied into the way things are currently set up?
> The way OS X / ubuntu / etc configure sudo is something I highly 
> disagree with. By default, all a cracker needs is to get a local 
> uname/password for an admin user and he can then spawn a root shell.
>   
Not getting into that argument.
> With sudo disabled, the cracker must also have a local exploit that gets 
> past SELinux. Assuming Ubuntu supports SELinux (does it?)

Unfortunately, yes...but not as extensive as RHEL. So not quite a win 
for Ubuntu yet in helping you guys migrate. Soon I am going to get 
banned. :-D
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux