Re: Getting ready for CentOS 5.4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Michael A. Peters wrote:
> 
>> start/stop' though from Intrepid onwards I believe. There is no root 
>> account by default.
> 
> There is a root account, you just can't access it w/o setting it's password.

sudo su -

> And as soon as you do set it's password, I highly recommend you then 
> completely disable and lock down the very insecure sudo defaults.
> 
> The way OS X / ubuntu / etc configure sudo is something I highly 
> disagree with. By default, all a cracker needs is to get a local 
> uname/password for an admin user and he can then spawn a root shell.

Errr, why is it easier to get an admin user's name and password than the 
root password?  The latter is much more likely to be shared, because in 
typical scenarios it has to be.

> With sudo disabled, the cracker must also have a local exploit that gets 
> past SELinux. Assuming Ubuntu supports SELinux (does it?)

No, it comes with AppArmor instead.

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux