Ralph Shumaker wrote:
>..
> My point was merely to find out this:  If someone was to _remotely_
> crack rafael and set a keystroke logger, would the logger be able to
> catch keystrokes entered at one of the login prompts on consoles F1-F6? 
> I'm sure that if I log in there as rafael, *then* the logger probably
> would be able to log keystrokes.  But what about *before* logging in? 
> At the login prompt?  I'm guessing that if I never do anything with root
> privileges while logged in as rafael (who's connected to the web), then
> root exploits should be minimized, right?  My question is that if I
> enter user (and root) passwords only at login prompts, sniffers
> installed with the privileges of a cracked regular user should never be
> able to gain the passwords, right?  Not even the password of the cracked
> user, right?

As Greg has said, getting equivalent to shell access opens the door to
lots of bad things. Including escalating to root, by keylogging or maybe
some local vulnerability in a standard program.

But I'm wondering just what you mean by "If someone was to _remotely_
crack rafael"?

Perhaps you're imagining some wizard or script kiddie being able to get
into your computer whenever they wish? The purpose of not running
services is to prohibit allowing externally-initiated connections -- so
wizards-or-whatever have no ability to jump into your computer at will.

If some vulnerability is suddenly discovered in http (or smtp or
pop/imap), you may be at risk (until an update fixes the bug) _if_ you
stumble upon some site where a baddie is actively checking everyone that
comes by and trying to execute an exploit. Vulnerabilities are not
always exploitable, and a successful exploit may not even produce shell
access, so your risk is actually lower than you may be thinking, so I
wouldn't lose a lot of sleep over it. Just keep updating security fixes.

> 
> That reminds me.  If I log into X as rafael, then [Ctrl][Alt][F1], log
> in as root on that console, can I (from there) launch some gui program
> into rafael's X session on [F7]?  Like for example, gnome-terminal? 
> Assuming for a moment that user rafael (with no sudo access) were to get
> cracked and subsequently slipped a keystroke sniffer, this would be a
> way for rafael to get a root gnome-terminal without entering any
> passwords where sniffers might be able to watch, right?

I don't think it's necessary or useful to choreograph the exact path; if
someone gets shell access they can access all your files, add, change or
delete all kinds of things, open outgoing connections, run cron jobs,
install sniffers, and with enough luck/work, probably get root access.

> 
> Maybe I'm just being overly paranoid.

Paranoid is good; overly paranoid starts becoming counter-productive;
where's the correct balance?

> 
> In any case, I think I need to regularly check running services.

Yes! (Note to self: me too!)

>..

Regards,
..jim


-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
