Mailinglist Archive: opensuse-security (228 mails)

Re: [suse-security] Problem with second user with uid 0?
  • From: Frank Steiner <fsteiner-mail@xxxxxxxxxxxxxx>
  • Date: Thu, 10 Mar 2005 22:59:35 +0100
  • Message-id: <4230C347.2010703@xxxxxxxxxxxxxx>
Rikard Johnels wrote:

> Won't the "second" root be able to reset ordinary root's password?
> Or add a "backdoor" on the system?
> Malicious code can easily be installed once logged in as uid 0.
> "I'll just up my personal powers a wee bit" is always the most dangerous thing.

Of course, you are right! But as I wrote in my answer to Martin Wilde,
we do trust our users in a certain way. They have physical access to the
servers, so they could easily break in whenever they wanted. Currently,
they get the real root password from opening the envelope, and then I have
to change my root passwords which I don't want to do too often (it's
not that easy to find easy to remember, easy to type and still hard
to break passwords :-)). So with the "rootid", the only difference is that
I don't have to change "my" root password, but only "their" root password.

cu,
Frank


--
Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: -4054
* You can only understand recursion once you have understood recursion. *

