6 Dec
2005
6 Dec
'05
5:29 p.m.
On Tue, Dec 06, 2005 at 10:54:22AM +0530, Mrugesh Karnik wrote:
Say someone cracks into my system by using a user's password. So now obviously, the cracker has the password that will be asked when he executes sudo something as that user. Doesn't he have full access to the system?
A) Usually systems aren't compromised through passwords, but through (for example) a badly set up CGI script.
B) You don't give blanket sudo to someone who has bad passwords.
C) You don't give blanket sudo to *anyone* (though we all do, right?)
--
Satya. http://www.thesatya.com/
I don't care! Reboot that server! I have work to do!