On 03/02/2010 08:40 PM, Ray Kohler wrote:
> On Tue, Mar 2, 2010 at 9:24 PM, David C. Rankin
> wrote:
>> On 03/01/2010 05:03 PM, Ray Kohler wrote:
>>> What would worry me is things like JavaScript exploits and worms -
>>> things that you download and then run as yourself, whether
>>> intentionally
On Wed, Mar 3, 2010 at 9:06 AM, Mauro Santos wrote:
>> Yes, same answer, you get owned. In fact, even with a password
>> required, the "5 minute grace window" for sudo does you in - some bad
>> guy just keeps trying to sudo, until you do it legitimately, thereby
>> allowing it freely for 5 minutes
> Yes, same answer, you get owned. In fact, even with a password
> required, the "5 minute grace window" for sudo does you in - some bad
> guy just keeps trying to sudo, until you do it legitimately, thereby
> allowing it freely for 5 minutes, and then he's got root.
Isn't it possible to lock that
On 03/03/2010, Ty John wrote:
> On Tue, 02 Mar 2010 20:24:20 -0600
> "David C. Rankin" wrote:
>
>> On 03/01/2010 05:03 PM, Ray Kohler wrote:
>> > What would worry me is things like JavaScript exploits and worms -
>> > things that you download and then run as yourself, whether
>> > intentionally o
On Tue, 02 Mar 2010 20:24:20 -0600
"David C. Rankin" wrote:
> On 03/01/2010 05:03 PM, Ray Kohler wrote:
> > What would worry me is things like JavaScript exploits and worms -
> > things that you download and then run as yourself, whether
> > intentionally or not. A password prompt will block malw
On Tue, Mar 2, 2010 at 9:24 PM, David C. Rankin
wrote:
> On 03/01/2010 05:03 PM, Ray Kohler wrote:
>> What would worry me is things like JavaScript exploits and worms -
>> things that you download and then run as yourself, whether
>> intentionally or not. A password prompt will block malware like
On 03/01/2010 05:03 PM, Ray Kohler wrote:
> What would worry me is things like JavaScript exploits and worms -
> things that you download and then run as yourself, whether
> intentionally or not. A password prompt will block malware like that,
> but with no password, you just go owned in one step.
On 03/01/2010 05:03 PM, Ray Kohler wrote:
> On Mon, Mar 1, 2010 at 5:58 PM, David C. Rankin
> wrote:
>> On 03/01/2010 01:14 PM, Florian Pritz wrote:
>>> On 03/01/2010 07:58 PM, David C. Rankin wrote:
As the comment says, the entry causes pam to implicitly trust members
of the
On Mon, Mar 01, 2010 at 11:58:47PM +0100, David C. Rankin wrote:
> It worries me to think about the possible security implications, but
> the lazy
> side of me sure does like the convenience :p
Did you really think you will get the answer you are looking for here on the
list? :)
I'm laz
On Mon, Mar 1, 2010 at 5:58 PM, David C. Rankin
wrote:
> On 03/01/2010 01:14 PM, Florian Pritz wrote:
>> On 03/01/2010 07:58 PM, David C. Rankin wrote:
>>> As the comment says, the entry causes pam to implicitly trust members
>>> of the
>>> wheel group. Eliminating the need to type a 14 char
On Mon, Mar 1, 2010 at 17:58, David C. Rankin
wrote:
> It worries me to think about the possible security implications, but
> the lazy
> side of me sure does like the convenience :p
>
It's also a bigger issue if you use ssh or a vpn where you could
potentially be getting connections from o
On 03/01/2010 01:14 PM, Florian Pritz wrote:
> On 03/01/2010 07:58 PM, David C. Rankin wrote:
>> As the comment says, the entry causes pam to implicitly trust members
>> of the
>> wheel group. Eliminating the need to type a 14 char pw 10 times a day is a
>> time-saver.
>
> PAM itself should
On 03/01/2010 07:58 PM, David C. Rankin wrote:
> As the comment says, the entry causes pam to implicitly trust members
> of the
> wheel group. Eliminating the need to type a 14 char pw 10 times a day is a
> time-saver.
PAM itself should be pretty secure, but what you are trying to achieve
i
On Monday 01 of March 2010 20:58, David C. Rankin wrote:
> Guys,
>
> Working through the setup of my new server, I rad across a wonderful
> hidden time-saver in /etc/pam.d/su. If you have configured sudo in the
> normal way by providing sudo access to members of the 'wheel' group, you
> can
Guys,
Working through the setup of my new server, I rad across a wonderful
hidden
time-saver in /etc/pam.d/su. If you have configured sudo in the normal way by
providing sudo access to members of the 'wheel' group, you can avoid having to
type the root password to 'su' by uncommenting the
15 matches
Mail list logo