On Fri, 1 Apr 2005, Ray Olszewski wrote:

> At 10:55 AM 4/1/2005 -0600, Eric Bambach wrote:
> >On Wednesday 30 March 2005 08:36 am, Ray Olszewski wrote:
> > > Any other suggestion of how to become root without knowing the root
> > > password is a technique for breaking into systems, and I (and I hope
> > > everyone else) will not give advice on that publicly, in this forum or
> > > anywhere else.
> >
> >I respectfully disagree. How will sysadmins ever know how to secure their
> >systems unless they know HOW break-ins occur? Certainly most hacking doesn't
> >come from boot CDs but having a more informed sysadmin is infinitely better
> >than one that only discovers how to make their system more secure *AFTER*
> >being broken into.
> >
> >What you are saying is that security through obscurity is good and there have
> >been countless rebuttals on just how horrible security through obscurity is in
> >99% of the situations. The only reason for S.T.O. is a company that found an
> >exploit and is giving lead-time to the vendor to patch their vulnerable
> >software.
>
> I wasn't quite saying that, and I apologize if my abbreviated presentation
> led you down that path. My reluctance was specific to this context, in
> which someone was asking not how to secure a system, but how to become root
> without knowing the root password. That it was his own system he wanted to
> break into certainly is relevant, but, on a public list, it is not the only
> consideration.
>
> I do believe that sysadmins need to know how to secure their systems. There
> are plenty of sites on the Internet, and books and articles in print, that
> offer this sort of help. And one can learn how to secure systems without
> receiving detailed tutorials in how to exploit common holes (buffer
> overflows, overprivileged daemons, weak passwords, and so on).
>
> But I also believe that giving step-by-step instructions for how to break
> into systems, on a list intended for beginners, is not the best way to make
> this information public. That sort of help is a bit more than fighting
> "security through obscurity" by identifying vulnerabilities, in my opinion
> ... it amounts to tutoring crackers, something I personally do not care to
> do. Particularly in the context of the actual question, which involved a
> system that the poster (presumably) had physical access to, so could retake
> control of with a rescue disk.
>
> If you (and Tobias, and anyone else) feel differently, then you should act
> on your beliefs and provide this sort of information on request, I suppose.
> So I do apologize for the suggestion that my personal view here should
> restrict what you and others do. Please feel free to provide any
> information of this sort that you have, and be sure I will not criticize
> you for doing so.

If anyone can break into `A', `Your', `Someone's' OS, by following only a few steps with ease - The World should know. Since it is only then that Users are able to define quality.

J.