John Galt <[EMAIL PROTECTED]> writes:

> that's what happened--the EPIC hole gave user. monkey.org (Dug Song) was
> using standard security practice at that point, it's just for
> convenience's sake, the user had a few things screened, including a
> rootshell, probably because of the traditional Conventional Wisdom of not
> permitting any remote logins of root. I find this kind of ironic in
> another sense, as Dug Song is the author of a Man in the Middle tool that
> works against older SSHes....

Depends.. if you manage to intercept the user's password, you can type it
into sudo just like they do and get the same level of root privilege. In
that case, not leaving screen running would have still been as bad.
No doubt this is why tightening sudo down is a good idea.

~Tim
-- 
<http://spodzone.org.uk/>

