On Sun, Dec 07, 2003 at 11:28:41AM -0800, Tom wrote: > If I have a firewall, and I'm the only person who uses my computer, do I > really have to have a password on my non-root account? > > I know the answer is "yes" but -- why? They can't do anything to my > machine anyway, except use it. And due to the firewall that never > happens anyway. >
The firewall probably mostly protects you computer although most probably it can be broken through if someone really wants to (the old saying that if there is a door then there is a way through it). As for the user password. Just as an example look at the break in into the Debian system. This was done using a regular user's password that was sniffed on another computer and then a local buffer overflow (there is usually at list one floating around) was used to get the root password. Thus, if someone who knows what s/he is doing gets through you firewall then they most probably can get full root privilege. Its all a question of convenience versus how secure you want to feel. Another option you can use is to enable password less login in gdm (probably others can do this too). Thus a person would need physical access to the computer to actually log in without a password. > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
