Wouldn't this be the main reason to use sudo?

On 6/21/06, Joco Salvatti <[EMAIL PROTECTED]> wrote:
>
> Thanks for all.
>
>
> On 6/21/06, Peter Landry <[EMAIL PROTECTED]> wrote:
> > I think that when you've given an attacker physical access to a machine
> > with a root session open, there's not a whole lot OpenBSD (or any OS) can
> > do... The attacker could also, with physical, attach a keystroke logger,
> > unplug your machine, or any number of other bad/humorous things I'm not
> > clever enough to think of -- no matter what OS is running on the system.
> >
> > Hope that allays some of your fears regarding OpenBSD in particular...
> >
> > Peter L.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joco Salvatti
> > Sent: Wednesday, June 21, 2006 1:23 PM
> > To: Misc OpenBSD
> > Subject: Doubts about OpenBSD security.
> >
> > My doubts may seem foolish, so thanks in advance for those who will read
> > this e-mail and may help me with my doubts.
> >
> > 1. Why doesn't passwd ask superuser's current password when it's run
> > by the superuser to change its own password? May not it be considered
> > a serious security flaw?
> >
> > 2. Why doesn't the system ask the password, as a default action, to
> > log in the system, when entering in single user mode? May not it also
> > be considered a serious security flaw? And why doesn't exist a
> > different password to log in single user mode, instead of using root's
> > password?
> >
> > A real example:
> >
> > Let's suppose an attacker entered the room where an OpenBSD server is
> > located in, and by mistake the system administrator has forgotten to
> > logout the root login session. So the attacker could enter in single
> > user mode, without the need for the root password, and load a
> > malicious kernel module. He also could do millions of other things,
> > but changing root's password, because the system administrator would
> > notice it immediately.
> > I believe it could be more difficult for the attacker if there were a
> > different password to log in the system in single user mode.
> >
> > Thanks for the time wasted reading this e-mail and I'm sorry if my
> > questions are too silly.
> >
> > --
> > Joco Salvatti
> > Undergraduating in Computer Science
> > Federal University of Para - UFPA
> > web: http://www.openbsd-pa.org
> > e-mail: [EMAIL PROTECTED]
> >
> >
> >
>
>
> --
> Joco Salvatti
> Undergraduating in Computer Science
> Federal University of Para - UFPA
> web: http://www.openbsd-pa.org
> e-mail: [EMAIL PROTECTED]
