tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: unsafe file permissions on /usr/bin/login



I've looked at login a little more and see the security measures, but I still don't like it..

At the moment I'm thinking it best (in my very personal opinion) to nologin the root account

On Wed, Nov 28, 2018 at 1:20 PM JP <rlntlss83%gmail.com@localhost> wrote:
well, I can see it...     and it's not staying that way on anything I deploy.


On Wed, Nov 28, 2018 at 1:11 PM Manuel Bouyer <bouyer%antioche.eu.org@localhost> wrote:
On Wed, Nov 28, 2018 at 01:09:19PM -0500, JP wrote:
> I cannot brute force su if I am not in the wheel group.

against root, for other users you can

>
> I can brute force login regardless of group affiliation.

not against root either.

--
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--


Home | Main Index | Thread Index | Old Index