[NTLUG:Discuss] Virus / Worm problems

Wayne Walker wwalker at bybent.com
Fri Oct 6 10:19:07 CDT 2006 

Oops.  I was thinking of Knoppix.  They use sudo and do not require a
password.  That essentially means any machine booted in Knoppix, if
exploited at the user level is instantly a root exploit.

Ubuntu at least requires a password.

BUT.  sudo is still less secure than a separate root user.  With
sudo, the inexperienced user's password (probably easy to guess, easier
to grab with a trojan script) is all that protects the castle.

On Fri, Oct 06, 2006 at 10:05:02AM -0500, Eric Waguespack wrote:
> sorry... your going to have to help me with this.
> 
> You are saying that the use of sudo is less secure than using root?
> Either I misunderstood you or I need to go back to Unix 101.
> 
> Please enlighten me.
> 
> 
> On 10/6/06, Wayne Walker <wwalker at bybent.com> wrote:
> >On Fri, Oct 06, 2006 at 09:33:25AM -0500, Terry Henderson wrote:
> >> Ubuntu uses sudo for everything and has no root user account, (it is
> >> dissabled by default).
> >> BUT, it can easily be enabled;
> >>
> >>    sudo passwd root
> >> and then dissabled again:
> >>    sudo passwd -1 root
> >>
> >> Does this make Ubuntu more or less secure?
> >MUCH less secure.
> >
> >--
> >
> >Wayne Walker
> >
> >www.unwiredbuyer.com - when you just can't be by the computer
> >
> >wwalker at bybent.com                    Do you use Linux?!
> >http://www.bybent.com                 Get Counted!  http://counter.li.org/
> >Perl - http://www.perl.org/           Perl User Groups - http://www.pm.org/
> >Jabber:  wwalker at jabber.gnumber.com   AIM:     lwwalkerbybent
> >IRC:     wwalker on freenode.net
> >
> >_______________________________________________
> >http://www.ntlug.org/mailman/listinfo/discuss
> >

-- 

Wayne Walker

www.unwiredbuyer.com - when you just can't be by the computer

wwalker at bybent.com                    Do you use Linux?!
http://www.bybent.com                 Get Counted!  http://counter.li.org/
Perl - http://www.perl.org/           Perl User Groups - http://www.pm.org/
Jabber:  wwalker at jabber.gnumber.com   AIM:     lwwalkerbybent
IRC:     wwalker on freenode.net

More information about the Discuss mailing list