Mailinglist Archive: opensuse-security (396 mails)
| < Previous | Next > |
Re: [suse-security] Secure root alias logins
- From: Achim Hoffmann <ah@xxxxxxxxxxxxx>
- Date: Thu, 23 Jan 2003 23:15:21 +0100 (MET)
- Message-id: <Pine.LNX.4.33.0301232308060.21916-100000@xxxxxxxxxxxxxxxxxx>
On Fri, 17 Jan 2003 keith.anthony.roberts@xxxxxxxxxxx wrote:
> Surely it would be more difficult for any attacker to break into Linux
> if they did not know the username for the root account?
just one more command necessary: /bin/cat /etc/passwd
and soon I'll see which username is used for UID 0, that's it.
have not followed all replies in detail, but root is just a name, i.g. you may
replace it by any other valid username.
In theory it will work, in praxis you'll have problems with some programs
(in particular those which use root as username instead of UID 0).
Things might get more complicated for attackers if you use for example LDAP
as authentification, there it's not that simple to get valid usernames.
Achim
> Surely it would be more difficult for any attacker to break into Linux
> if they did not know the username for the root account?
just one more command necessary: /bin/cat /etc/passwd
and soon I'll see which username is used for UID 0, that's it.
have not followed all replies in detail, but root is just a name, i.g. you may
replace it by any other valid username.
In theory it will work, in praxis you'll have problems with some programs
(in particular those which use root as username instead of UID 0).
Things might get more complicated for attackers if you use for example LDAP
as authentification, there it's not that simple to get valid usernames.
Achim
| < Previous | Next > |