On Wednesday 30 March 2005 08:36 am, Ray Olszewski wrote: > Any other suggestion of how to become root without knowing the root > password is a technique for breaking into systems, and I (and I hope > everyone else) will not give advice on that publicly, in this forum or > anywhere else.
I respectfully disagree. How will sysadmins ever know how to secure their systems unless they know HOW break-ins occur. Certainly most hacking doesnt come from boot CDs but having a more informed sysadmin is infinitely better than one that only discovers how to make their system more secure *AFTER* being broken into.
What you are saying is that security through obscurity is good and there have been countless rebuttals on just how horrible security though obscurity is in 99% of the situations. The only reason for S.T.O. is a company that found an exploit and is giving lead-time to the vendor to patch their vulnerable software.
I wasn't quite saying that, and I apologize if my abbreviated presentation led you down that path. My reluctance was specific to this context, in which someone was asking not how to secure a system, but how to become root without knowing the root password. That it was his own system he wanted to break into certainly is relevant, but, on a public list, it is not the only consideration.
I do believe that sysadmins need to know how to secure thair systems. There are plenty of sites on the Internet, and books and articles in print, that offer this sort of help. And one can learn how to secure systems without receiving detailed tutorials in how to exploit common holes (buffer overflows, overprivileged daemons, weak passwords, and so on).
But I also believe that giving step-by-step instructions for how to break into systems, on a list intended for beginners, is not the best way to make this information public. That sort of help is a bit more than fighting "security through obscurity" by identifying vulnerabilities, in my opinion ... it amounts to tutoring crackers, something I personally do not care to do. Particularly in the context of the actual question, which involved a system that the poster (presumably) had physical access to, so could retake control of with a rescue disk.
If you (and Tobias, and anyone else) feel differently, then you should act on your beliefs and provide this sort of information on request, I suppose. So I do apologize for the suggestion that my personal view here should restrict what you and others do. Please feel free to provide any information of this sort that you have, and be sure I will not criticize you for doing so.
- To unsubscribe from this list: send the line "unsubscribe linux-newbie" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.linux-learn.org/faqs
