Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-03 Thread David C. Rankin
On 03/02/2010 08:40 PM, Ray Kohler wrote:
> On Tue, Mar 2, 2010 at 9:24 PM, David C. Rankin wrote:
>> On 03/01/2010 05:03 PM, Ray Kohler wrote:
>>> What would worry me is things like JavaScript exploits and worms -
>>> things that you download and then run as yourself, whether
>>> intentionally

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-03 Thread Ray Kohler
On Wed, Mar 3, 2010 at 9:06 AM, Mauro Santos wrote:
>> Yes, same answer, you get owned. In fact, even with a password
>> required, the "5 minute grace window" for sudo does you in - some bad
>> guy just keeps trying to sudo, until you do it legitimately, thereby
>> allowing it freely for 5 minutes

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-03 Thread Mauro Santos
> Yes, same answer, you get owned. In fact, even with a password
> required, the "5 minute grace window" for sudo does you in - some bad
> guy just keeps trying to sudo, until you do it legitimately, thereby
> allowing it freely for 5 minutes, and then he's got root.

Isn't it possible to lock that

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-02 Thread Ray Rashif
On 03/03/2010, Ty John wrote:
> On Tue, 02 Mar 2010 20:24:20 -0600
> "David C. Rankin" wrote:
>
>> On 03/01/2010 05:03 PM, Ray Kohler wrote:
>> > What would worry me is things like JavaScript exploits and worms -
>> > things that you download and then run as yourself, whether
>> > intentionally o

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-02 Thread sand_man
On Tue, 02 Mar 2010 20:24:20 -0600 "David C. Rankin" wrote:
> On 03/01/2010 05:03 PM, Ray Kohler wrote:
> > What would worry me is things like JavaScript exploits and worms -
> > things that you download and then run as yourself, whether
> > intentionally or not. A password prompt will block malw

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-02 Thread Ray Kohler
On Tue, Mar 2, 2010 at 9:24 PM, David C. Rankin wrote:
> On 03/01/2010 05:03 PM, Ray Kohler wrote:
>> What would worry me is things like JavaScript exploits and worms -
>> things that you download and then run as yourself, whether
>> intentionally or not. A password prompt will block malware like

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-02 Thread David C. Rankin
On 03/01/2010 05:03 PM, Ray Kohler wrote:
> What would worry me is things like JavaScript exploits and worms -
> things that you download and then run as yourself, whether
> intentionally or not. A password prompt will block malware like that,
> but with no password, you just go owned in one step.

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-02 Thread David C. Rankin
On 03/01/2010 05:03 PM, Ray Kohler wrote:
> On Mon, Mar 1, 2010 at 5:58 PM, David C. Rankin wrote:
>> On 03/01/2010 01:14 PM, Florian Pritz wrote:
>>> On 03/01/2010 07:58 PM, David C. Rankin wrote:
>>>> As the comment says, the entry causes pam to implicitly trust members of the

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-02 Thread Jaroslav Lichtblau
On Mon, Mar 01, 2010 at 11:58:47PM +0100, David C. Rankin wrote:
> It worries me to think about the possible security implications, but
> the lazy
> side of me sure does like the convenience :p

Did you really think you will get the answer you are looking for here on the list? :) I'm laz

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-01 Thread Ray Kohler
On Mon, Mar 1, 2010 at 5:58 PM, David C. Rankin wrote:
> On 03/01/2010 01:14 PM, Florian Pritz wrote:
>> On 03/01/2010 07:58 PM, David C. Rankin wrote:
>>> As the comment says, the entry causes pam to implicitly trust members
>>> of the
>>> wheel group. Eliminating the need to type a 14 char

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-01 Thread Daenyth Blank
On Mon, Mar 1, 2010 at 17:58, David C. Rankin wrote:
> It worries me to think about the possible security implications, but
> the lazy
> side of me sure does like the convenience :p
>

It's also a bigger issue if you use ssh or a vpn where you could potentially be getting connections from o

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-01 Thread David C. Rankin
On 03/01/2010 01:14 PM, Florian Pritz wrote:
> On 03/01/2010 07:58 PM, David C. Rankin wrote:
>> As the comment says, the entry causes pam to implicitly trust members
>> of the
>> wheel group. Eliminating the need to type a 14 char pw 10 times a day is a
>> time-saver.
>
> PAM itself should

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-01 Thread Florian Pritz
On 03/01/2010 07:58 PM, David C. Rankin wrote:
> As the comment says, the entry causes pam to implicitly trust members
> of the
> wheel group. Eliminating the need to type a 14 char pw 10 times a day is a
> time-saver.

PAM itself should be pretty secure, but what you are trying to achieve i

Re: [arch-general] Tired of being asked for a password for "su"? Arch has the solution

2010-03-01 Thread Ed Jobs
On Monday 01 of March 2010 20:58, David C. Rankin wrote:
> Guys,
>
> Working through the setup of my new server, I ran across a wonderful
> hidden time-saver in /etc/pam.d/su. If you have configured sudo in the
> normal way by providing sudo access to members of the 'wheel' group, you
> can