[TriLUG] Re: Back Oriffice for Linux
James Manning
trilug at sublogic.com
Mon Mar 18 07:27:21 EST 2002
[Andrew Perrin]
> Er, not to be a stickler, but if someone knows your root password aren't
> you kind of sunk to begin with? it would be trivial enough, as root,
> simply to edit Xaccess to give oneself access.
Arguably, they should be able to know your root password but still
not be able to do anything from a remote location over the network.
ssh's PermitRootLogin=no
Calling this a "remote root exploit" would be a misnomer given the
password requirement, but it's still seemingly a tool that could
be a (admittedly slow) running crack on your machine :)
James
--
James Manning <jmm at sublogic.com>
GPG Key fingerprint = B913 2FBD 14A9 CE18 B2B7 9C8E A0BF B026 EEBB F6E4
More information about the TriLUG
mailing list