James G. Sack (jim) wrote:
Ralph Shumaker wrote:
..
If I run X as rafael, and someone uses an exploit to crack rafael, they
could conceivably use passwd to set their own password. This seems like
a bad thing in a very direct way if rafael also has full sudo
privileges. But they could probably, almost as easily, set a keystroke
sniffer and wait for rafael to pull up a gnome-terminal and "su -" to
root. Maybe I should only become su on a console (F1-F6)???
I am far from the most paranoid guy on the block, but neither am I
naive, and I don't really spend much time worrying that somebody will
exploit a bug in javascript (or something like that) when I am online
and get access to my machine as <me>. I am behind a firewall that I have
some confidence in (arguably misplaced, since I haven't audited the
source), and I know that I am not running any services that I don't know
about. I pay attention to what services are running and if I ever found
something I didn't install/enable, I would sequester that machine (or
disk) and install a fresh OS to replace it.
My point was merely to find out this: If someone were to _remotely_
crack rafael and set a keystroke logger, would the logger be able to
catch keystrokes entered at one of the login prompts on consoles F1-F6?
I'm sure that if I log in there as rafael, *then* the logger probably
would be able to log keystrokes. But what about *before* logging in?
At the login prompt? I'm guessing that if I never do anything with root
privileges while logged in as rafael (who's connected to the web), then
root exploits should be minimized, right? My question is that if I
enter user (and root) passwords only at login prompts, sniffers
installed with the privileges of a cracked regular user should never be
able to gain the passwords, right? Not even the password of the cracked
user, right?
That reminds me. If I log into X as rafael, then [Ctrl][Alt][F1], log
in as root on that console, can I (from there) launch some gui program
into rafael's X session on [F7]? Like for example, gnome-terminal?
Assuming for a moment that user rafael (with no sudo access) were to get
cracked and subsequently slipped a keystroke sniffer, this would be a
way for rafael to get a root gnome-terminal without entering any
passwords where sniffers might be able to watch, right?
Maybe I'm just being overly paranoid.
In any case, I think I need to regularly check running services.
Nor do I worry about somebody pointing some spookish hi-tech device at
my keyboard or screen. If someone were targeting me, they could most
easily just break in and steal (or bug/sabotage) my computer. I just
don't try to protect against that risk.
I wouldn't either. That is a local, physical exploit, difficult to
guard against and almost as hard to detect. But I _do_ want to minimize
my risk of remote exploits and password sniffers.
No doubt there are risks I am not aware of and a possibility of some
intrusion installing something sophisticated that I couldn't easily
detect, but I have decided not to worry about it. I do feel I have
reduced security risks to below the risk of hardware failure or
accidental operator error.
Regards,
..jim (Everything is a tradeoff)
Thanks. I needed that reassurance.
--
I sincerely believe the banking institutions having the issuing power of
money, are more dangerous to liberty than standing armies.
--Thomas Jefferson