[TriLUG] Privileges and Social Engineering

Mike Johnson mike at enoch.org
Sat Jun 12 22:42:10 EDT 2004


Jeff Tickle [jtickle at jtsoft.net] wrote:
> So on the Apple, does the user set the root password at some point?  You

Nope.  They have a concept of 'administrative' users.  These users can
use sudo (from the command line) or authenticate through the GUI when
root-ish powers are needed.

Now, you -can- enable the root account and give it a password, but it's
a bunch of hoops, and noobs will never do it.

> make a good point that there are still good vulnerabilities in the home
> directory.  I didn't think of those, and there's no real way around
> them.  And you'll always indeed have the very few people (but enough)
> who install that cool program that "Bob" sent them.  I don't suppose
> there's any real good way of getting around the problem...

A very tight SELinux setup might pull it off, but it'd be annoying
enough that regular users wouldn't use it.
 
> Oh well.  It was just a thought.  Possibly still not a bad idea, but
> definitely not a 100% effective solution.

Though, there is something to be said for an 80% solution...

Mike
-- 
"If life hands you lemons, YOU BLOW THOSE LEMONS TO BITS WITH 
 YOUR LASER CANNONS!" -- Brak

GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF  C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
