Wouldn't this be the main reason to use sudo?
On 6/21/06, Joco Salvatti [EMAIL PROTECTED] wrote:
Thanks for all.
On 6/21/06, Peter Landry [EMAIL PROTECTED] wrote:
I think that when you've given an attacker physical access to a machine
with a root session open, there's not a whole lot OpenBSD (or any OS) can
do... The attacker could also, with physical access, attach a keystroke logger,
unplug your machine, or any number of other bad/humorous things I'm not
clever enough to think of -- no matter what OS is running on the system.
Hope that allays some of your fears regarding OpenBSD in particular...
Peter L.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Joco Salvatti
Sent: Wednesday, June 21, 2006 1:23 PM
To: Misc OpenBSD
Subject: Doubts about OpenBSD security.
My doubts may seem foolish, so thanks in advance to those who will read
this e-mail and may help me with my doubts.
1. Why doesn't passwd ask for the superuser's current password when it's run
by the superuser to change its own password? May it not be considered
a serious security flaw?
2. Why doesn't the system ask for the password, as a default action, to
log in to the system when entering single user mode? May it not also
be considered a serious security flaw? And why doesn't a
different password exist to log in to single user mode, instead of using root's
password?
A real example:
Let's suppose an attacker entered the room where an OpenBSD server is
located, and by mistake the system administrator has forgotten to
log out of the root login session. So the attacker could enter single
user mode, without the need for the root password, and load a
malicious kernel module. He also could do millions of other things,
but changing root's password, because the system administrator would
notice it immediately.
I believe it could be more difficult for the attacker if there were a
different password to log in to the system in single user mode.
Thanks for the time wasted reading this e-mail and I'm sorry if my
questions are too silly.
--
Joco Salvatti
Undergraduating in Computer Science
Federal University of Para - UFPA
web: http://www.openbsd-pa.org
e-mail: [EMAIL PROTECTED]