[Sderby] root priviledges
Paul Grosse
paul-grosse at ntlworld.com
Sun Oct 24 12:25:30 BST 2004
Folks,
I seem to remember reading somewhere (although I have spent the last two days
trying to find it again) that you can asign root's priviledges to another
account (which is easy enough to do anyway and isn't really what this is
about) but then, give root no priviledges (which is what this is about).
The idea being along the lines of: anybody who hacks into your system and
manages to log into the root account finds themself with nothing spectacular.
This is basically security by obscurity so it is limited in its effectiveness
as anybody then just needs to find the real 'root-like' account and then just
socially engineer the details from an unsuspecting target.
I'm not talking about sudo here.
Has anybody done this or know somebody who has done this? Or, know of this
(know the web page I've seen -- I didn't bookmark it)?
--
Regards,
Paul Grosse
http://www.grosse.is-a-geek.com/
http://ourworld.compuserve.com/homepages/pagrosse/
================================================================
This message has been double ROT13 encrypted for your protection
================================================================
More information about the Sderby
mailing list