[K12OSN] when running ltsp-server-tweaks

Jim Kinney jim.kinney at gmail.com
Wed Aug 31 18:27:44 UTC 2011


On Wed, Aug 31, 2011 at 2:16 PM, Burke Almquist <burke at thealmquists.net> wrote:

>
> On Aug 31, 2011, at 7:23 AM, Jim Kinney wrote:
>
> > Bear in mind that blocking direct root login to X and gdm was implemented
> > because of the huge security issues exposed. X already runs with many root
> > privileges due to how X interacts with the hardware layer. Opening pam to
> > allow root login from terminals is flat out dangerous as the security of the
> > password process over the network is an exposure that's not balanced by the
> > convenience. With the exception of gconf editing now requiring an active X
> > session to work, there is no reason for root to ever log in anywhere except
> > the actual console of the server and only at the command line.
> > Current Linux distros basically should never have a need for direct root
> > login unless the system is being put into single user mode for repairs.
>
> FYI, I didn't try logging in as root on the terminals, just on the server.
>

Good to hear as that cuts down on some of the security issues. However, as
all (most) thin client processes run on the server itself, and X has many
data leaks, logging in as root in X on the server is still a security nightmare
asking for exploitation. And with a flock of curious kids looking for "fun
things to do", a political problem waiting to happen :-)

Besides, EVERYTHING needed for administration of a Linux server can be done
with su, sudo or the GUIs with root password.

OK. So single user mode to fix a disk that has failed and a few
repartitioning things requires root login in runlevel 1. But other than
that, and the gconf thing, but, really, nothing else ....

:-)

Be wary of middle and high school students. They be crafty little imps!
Fork-bombs are a fun way to bring class to a halt!

-- 
James P. Kinney III

As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as they
please, and those who survive will be left to contemplate the outcome.
- 2011 Noam Chomsky

http://heretothereideas.blogspot.com/