begin quoting Gregory K. Ruiz-Ade as of Thu, Nov 29, 2007 at 02:04:28PM -0800:
> On Nov 29, 2007, at 11:04 AM, Michael O'Keefe wrote:
>
> >What does it matter ?
> >That user is exposed, nobody else is
>
> And when that user has exposed credentials that would in turn grant
> greater access to another system?
>
> Say, for example, I exposed my login credentials. You log in to a
> machine as me, and then:
>
> 1) try to sudo to root using my credentials.
>
> 2) look in my ~/.ssh/known-hosts file
>
> 3) connect to each of those hosts, banking on the fact that I either
> used the same password on all of them, or they're all using the same
> central authentication service

..or using authorized_keys...

> 4) try to sudo to root on each of those systems using my credentials.
>
> The potential for damage is great, if you capture the right user's
> credentials.

5) drop a program into your system (named, say, .^H.) that gets run on
startup and watches for you to run sudo, and then runs sudo right after.

-Stewart

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
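Added example, not part of the original messages: a defender-side audit of a home directory for two things the thread points at, host names readable in the SSH known-hosts file (step 2) and dot-files whose names hide behind control characters such as the `.^H.` name in step 5. It assumes OpenSSH's `known_hosts` file name and its `|1|salt|hash` hashed-entry form; the function names and the sample directory are constructed for illustration.

```python
import os
import tempfile

def plaintext_known_hosts(path):
    """Return host fields that are stored unhashed, i.e. readable by anyone with the account."""
    exposed = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            fields = line.split()
            if not fields or fields[0].startswith("#"):
                continue
            # An optional marker (@cert-authority, @revoked) precedes the host field.
            host = fields[1] if fields[0].startswith("@") and len(fields) > 1 else fields[0]
            if not host.startswith("|1|"):  # "|1|salt|hash" is the hashed form
                exposed.append(host)
    return exposed

def control_char_names(directory):
    """Return repr() of entry names containing control characters (backspace, DEL, ...)."""
    return sorted(repr(name) for name in os.listdir(directory)
                  if any(ord(c) < 32 or ord(c) == 127 for c in name))

def audit_home(home):
    """Run both checks against one home directory."""
    return {
        "plaintext_hosts": plaintext_known_hosts(os.path.join(home, ".ssh", "known_hosts")),
        "control_char_names": control_char_names(home),
    }

def build_sample_home():
    """Constructed sample home directory, for demonstration only."""
    home = tempfile.mkdtemp()
    os.mkdir(os.path.join(home, ".ssh"))
    with open(os.path.join(home, ".ssh", "known_hosts"), "w") as fh:
        fh.write("# constructed sample entries\n")
        fh.write("build01.example.org,192.0.2.10 ssh-ed25519 AAAAexamplekey\n")
        fh.write("|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAexamplekey\n")
    open(os.path.join(home, ".\x08."), "w").close()  # the ".^H." name from step 5
    open(os.path.join(home, ".profile"), "w").close()
    return home

if __name__ == "__main__":
    for check, findings in audit_home(build_sample_home()).items():
        print(check, findings)
```

Printing names through `repr()` matters here: a terminal listing renders the backspace and makes the entry look like an ordinary dot, while the escaped form shows it as `'.\x08.'`.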
