On Sun, Dec 07, 2003 at 11:28:41AM -0800, Tom wrote:
> If I have a firewall, and I'm the only person who uses my computer, do I 
> really have to have a password on my non-root account?
> 
> I know the answer is "yes" but -- why?  They can't do anything to my 
> machine anyway, except use it.  And due to the firewall that never 
> happens anyway.
> 

The firewall probably mostly protects you computer although most
probably it can be broken through if someone really wants to (the old
saying that if there is a door then there is a way through it).
As for the user password. Just as an example look at the break in into
the Debian system. This was done using a regular user's password that
was sniffed on another computer and then a local buffer overflow (there
is usually at list one floating around) was used to get the root
password.
Thus, if someone who knows what s/he is doing gets through you firewall
then they most probably can get full root privilege.
Its all a question of convenience versus how secure you want to feel.
Another option you can use is to enable password less login in gdm
(probably others can do this too). Thus a person would need physical
access to the computer to actually log in without a password.

> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to