Yes, same answer, you get owned. In fact, even with a password
required, the 5 minute grace window for sudo does you in - some bad
guy just keeps trying to sudo, until you do it legitimately, thereby
allowing it freely for 5 minutes, and then he's got root.
Isn't it possible to lock that to
On Wed, Mar 3, 2010 at 9:06 AM, Mauro Santos registo.maill...@gmail.com wrote:
Yes, same answer, you get owned. In fact, even with a password
required, the 5 minute grace window for sudo does you in - some bad
guy just keeps trying to sudo, until you do it legitimately, thereby
allowing it
On 03/01/2010 05:03 PM, Ray Kohler wrote:
What would worry me is things like JavaScript exploits and worms -
things that you download and then run as yourself, whether
intentionally or not. A password prompt will block malware like that,
but with no password, you just go owned in one step.
On Tue, Mar 2, 2010 at 9:24 PM, David C. Rankin
drankina...@suddenlinkmail.com wrote:
On 03/01/2010 05:03 PM, Ray Kohler wrote:
What would worry me is things like JavaScript exploits and worms -
things that you download and then run as yourself, whether
intentionally or not. A password prompt
On Tue, 02 Mar 2010 20:24:20 -0600
David C. Rankin drankina...@suddenlinkmail.com wrote:
On 03/01/2010 05:03 PM, Ray Kohler wrote:
What would worry me is things like JavaScript exploits and worms -
things that you download and then run as yourself, whether
intentionally or not. A password
On 03/03/2010, Ty John ty...@eye-of-odin.com wrote:
On Tue, 02 Mar 2010 20:24:20 -0600
David C. Rankin drankina...@suddenlinkmail.com wrote:
On 03/01/2010 05:03 PM, Ray Kohler wrote:
What would worry me is things like JavaScript exploits and worms -
things that you download and then run as
On 03/01/2010 07:58 PM, David C. Rankin wrote:
As the comment says, the entry causes pam to implicitly trust members
of the
wheel group. Eliminating the need to type a 14 char pw 10 times a day is a
time-saver.
PAM itself should be pretty secure, but what you are trying to achieve
On 03/01/2010 01:14 PM, Florian Pritz wrote:
On 03/01/2010 07:58 PM, David C. Rankin wrote:
As the comment says, the entry causes pam to implicitly trust members
of the
wheel group. Eliminating the need to type a 14 char pw 10 times a day is a
time-saver.
PAM itself should be pretty
On Mon, Mar 1, 2010 at 17:58, David C. Rankin
drankina...@suddenlinkmail.com wrote:
It worries me to think about the possible security implications, but
the lazy
side of me sure does like the convenience :p
It's also a bigger issue if you use ssh or a vpn where you could
potentially be
On Mon, Mar 1, 2010 at 5:58 PM, David C. Rankin
drankina...@suddenlinkmail.com wrote:
On 03/01/2010 01:14 PM, Florian Pritz wrote:
On 03/01/2010 07:58 PM, David C. Rankin wrote:
As the comment says, the entry causes pam to implicitly trust members
of the
wheel group. Eliminating the
10 matches
Mail list logo