On Thu, 2015-01-08 at 13:42 +0100, Jaroslav Reznik wrote:
> = Proposed System Wide Change: Set sshd(8) PermitRootLogin=no =
> https://fedoraproject.org/wiki/Changes/SSHD_PermitRootLogin_no

The discussion got rather long, but I didn't see one particular aspect discussed:

> Remote users would not be allowed to login using 'root' account with a
> password. They would have to login using an SSH key or first connect
> using a non-root account and then upgrade their privileges via sudo(8)
> or su -.

Doesn't this make the systems actually _less_ secure?

I sometimes do risky things with my regular account. I often process untrusted input I download from the internet, often using tools that have had serious security issues discovered (it doesn't have to be just flash or firefox, remember the binutils [1] or less [2] issues?). I'm sure many of us are similarly careless with their non-privileged accounts.

[1] http://openwall.com/lists/oss-security/2014/10/23/5
[2] http://seclists.org/fulldisclosure/2014/Nov/74

There's a chance of a successful exploitation that would result in obtaining my privileges. Sure, gaining access to my account is bad enough, but if I run "su" or "sudo", they have root!

I'm never sure if I'm talking to the actual tool. Something could have tampered with my shell and now is snooping for my password. The attacker could have ptrace()d my shell and switched execve("/bin/su") for execve("/tmp/uz_nejsu"). Or they could just have changed the $PATH in my .profile. I wouldn't notice!

For this reason, I avoid privilege escalation when I need to conduct privileged operations, but open a separate session. The sshd daemon running with root privileges is more trustworthy to me than my user session.

-1 for this change from me. Disallowing root logins and requiring me to use my regular account puts other users of the system at risk.

Thank you,
Lubo
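The $PATH tampering described in the message above can be audited from the defender's side. The following is an added example, not part of the original message: the function name `audit_cmd`, its output labels and the sandbox directories are assumptions made for illustration, and it covers PATH-based resolution only, not a ptrace()d shell or a shell alias or function.

```shell
#!/bin/sh
# audit_cmd NAME PATH TRUSTED   (PATH and TRUSTED are colon-separated lists)
# Walks PATH in search order. Returns 0 only if NAME resolves inside a trusted
# directory and no directory searched before it is writable by the current user.
# The body is a subshell, so IFS/set -f changes and "exit" stay inside it.
audit_cmd() (
    name=$1 path=$2 trusted=$3 rc=0
    set -f; IFS=:                      # split on ':' without globbing
    for dir in $path; do
        [ -n "$dir" ] || dir=.         # empty PATH entry means current directory
        case ":$trusted:" in
            *":$dir:"*)
                if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
                    echo "RESOLVES $dir/$name"
                    exit "$rc"
                fi
                continue ;;
        esac
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            echo "SHADOWED $dir/$name" # untrusted copy wins the lookup
            exit 1
        fi
        if [ -w "$dir" ]; then
            echo "WRITABLE $dir"       # a copy could be planted here later
            rc=1
        fi
    done
    echo "NOTFOUND $name"
    exit 1
)

# Constructed demo: a sandbox standing in for a system dir and a user dir.
demo() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/usr/bin" "$sb/home/bin"
    printf '#!/bin/sh\n' > "$sb/usr/bin/su"; chmod 755 "$sb/usr/bin/su"
    audit_cmd su "$sb/usr/bin" "$sb/usr/bin" || echo "-> unsafe"
    printf '#!/bin/sh\n' > "$sb/home/bin/su"; chmod 755 "$sb/home/bin/su"
    audit_cmd su "$sb/home/bin:$sb/usr/bin" "$sb/usr/bin" || echo "-> unsafe"
    rm -rf "$sb"
}
demo
```

On a real system the check would be called as `audit_cmd su "$PATH" "/usr/bin:/bin:/usr/sbin:/sbin"`, with the trusted list adjusted to the distribution's layout.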