From: Ansgar -59cobalt- Wiechers on
usrID <usr(a)domain.invalid> wrote:
> Bit Twister wrote:
>> On Sun, 07 Mar 2010 17:52:07 +0100, userid wrote:
>>> Ubuntu - as far as I understand ;) - uses a mixed policy: you log in
>>> as a normal user but, using the same password, you may become a
>>> sudoer.
>>
>> Yes, seen that policy. Instead of having to crack user and root
>> passwords, cracker just needs to crack one password. :(
>
> Yeah, ingenious isn't it?

It's a Mac thing. You wouldn't understand.

Anyway, you can disable this behaviour by removing the respective line
from /etc/sudoers. Make sure you've enabled the root account (and set a
good password for it) before you do that.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
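
Added example (not part of the thread and not written by either poster): a pre-flight check for the advice above, which lists the sudoers rules that grant ALL commands and refuses to proceed while root has no usable password. The sudoers and shadow contents are constructed samples, and since the post does not name "the respective line", the %admin rule shown is an assumption.

```shell
# root_enabled SHADOW: succeed only if root has a usable password hash.
# In shadow(5) an empty field means no password; a field starting with
# '!' or '*' means password login is locked or disabled.
root_enabled() {
    field=$(awk -F: '$1 == "root" { print $2; exit }' "$1")
    case "$field" in
        ''|'!'*|'*'*) return 1 ;;
        *) return 0 ;;
    esac
}

# sudo_all_rules SUDOERS: print user/group rules whose command list is ALL.
# Simplification (assumption): comments, Defaults and *_Alias lines are
# skipped, and #include/#includedir files are not followed.
sudo_all_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
        /=/ && $NF ~ /(^|[)=:])ALL$/ { print }
    ' "$1"
}

# preflight SUDOERS SHADOW: list candidate rules, then succeed only if root
# would still be reachable (login or su) after a rule is removed.
preflight() {
    echo "Rules granting ALL commands in $1:"
    sudo_all_rules "$1" | sed 's/^/  /'
    if root_enabled "$2"; then
        echo "root has a usable password: edit with visudo."
    else
        echo "root is locked or has no password: run 'passwd root' first." >&2
        return 1
    fi
}

# Constructed sample files (not taken from the thread).
tmp=$(mktemp -d)
cat > "$tmp/sudoers" <<'EOF'
# constructed sample resembling an Ubuntu sudoers file
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
backup ALL=(root) /usr/bin/rsync
EOF
printf 'root:!:14675:0:99999:7:::\n' > "$tmp/shadow_locked"
printf 'root:$6$constructed$hash:14675:0:99999:7:::\n' > "$tmp/shadow_enabled"

preflight "$tmp/sudoers" "$tmp/shadow_locked" || echo "-> do not remove the rule yet"
preflight "$tmp/sudoers" "$tmp/shadow_enabled"
```

On a real system the two arguments would be /etc/sudoers and /etc/shadow, read as root.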
From: userid on
Ansgar -59cobalt- Wiechers wrote:
> usrID<usr(a)domain.invalid> wrote:
>> Bit Twister wrote:
>>> On Sun, 07 Mar 2010 17:52:07 +0100, userid wrote:
>>>> Ubuntu - as far as I understand ;) - uses a mixed policy: you log in
>>>> as a normal user but, using the same password, you may become a
>>>> sudoer.
>>>
>>> Yes, seen that policy. Instead of having to crack user and root
>>> passwords, cracker just needs to crack one password. :(
>>
>> Yeah, ingenious isn't it?
>
> It's a Mac thing. You wouldn't understand.

Does it mean it's a good thing? Confirmed, I don't understand.

> Anyway, you can disable this behaviour by removing the respective line
> from /etc/sudoers. Make sure you've enabled the root account (and set a
> good password for it) before you do that.

Thanks for the tip.