Not Remembering Root Password
Andras Simon
szajmi at gmail.com
Fri Mar 6 14:57:08 UTC 2009
On 3/6/09, Tim <ignored_mailbox at yahoo.com.au> wrote:
> On Thu, 2009-03-05 at 23:33 -0700, Petrus de Calguarium wrote:
>> it's my computer and I'm the only user, so password or not, I am BOTH
>> me and root, anyway.
>>
>> Do you really think it matters? What could happen, aside from making
>> me think a few nanoseconds longer before executing a command?
>
> Simple scenario: You view some webpage that exploits a weakness in your
> web browser. With no way for it to get root access, all it can do is
> mess up *YOUR* files. But with root access, it can do *anything*,
> including silently install a rootkit.
I'm not quite sure, but isn't it possible that even with just the
privileges of an ordinary user it can install something that watches
what that user is typing when (s)he's su-ing? (No, I'm not at all
arguing for doing things as root!)
Andras
More information about the fedora-list
mailing list