[Gllug] ssh authentification

Russell Howe rhowe at siksai.co.uk
Fri Jul 28 12:24:23 UTC 2006

On Thu, Jul 27, 2006 at 07:12:38PM +0100, Bruce Richardson wrote:
> They would also need root access, if you've configured the system
> sensibly.

Given the rather frequent discovery of locally exploitable kernel bugs,
I would assume that anybody with access to the machine could gain root
if they really wanted to.

That doesn't mean I don't apply file permissions on things, but it does
give me a strong desire to separate services such that they run under
different kernels, etc (be it via virtualisation or by throwing more
hardware at it).

Defence in depth and all that jazz.. (aka having so many security
'systems' you never have time to properly configure any of them :)

Russell Howe       | Why be just another cog in the machine,
rhowe at siksai.co.uk | when you can be the spanner in the works?
Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list