At 12 May 2002 09:35:44 +1000, Ian Nicoll wrote: > Onto another topic, one of the things I've heard, and agree with, is to > NEVER log onto the net using superuser. Fair enough, but while I'm > doing 'stuff' like trying to install a program, I use su, but log into > terminal and change to su. > > Question is - am I breaching any security issues? I'm logged into Gnome > as the user 'ian' but logged into terminal as the su. 'ian' has logged > onto the net, but 'su' is there in a terminal. How risky is this?
i'd say thats a good way to do things. presumably root is immune from most things "ian" might try to do due to some evil jpeg image or email virus (hey, buffer overflows happen - even to mutt and pine) running "su" in an xterm is probably fine too. if you're paranoid you should consider enabling the "Secure Keyboard" option in the Ctrl-MouseButton1 menu from your xterm whenever you type in passwords. that will stop (or at least make it very difficult) for other X programs to grab keystrokes from that xterm. -- - Gus -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
