Author: marc
Date:
To: dng
Subject: Re: [DNG] gvfs depends on libsystemd0

> You still should use sudo, with a password - the user's own password.
> Using root password many times, every day, is bad for security (the more
> times you type it the higher the chances are it will be captured) and it
> instills the desire of an easy to remember and fast to type password.

What people often overlook about having a real root password
is that it is possible to press control-alt-F2 and log in as
root on a text console.

To intercept the password in that case typically requires root
anyway, or some sort of physical access - in either case the
game is already over.

This is different to using sudo or su, where a random javascript
exploit can control firefox which then straces your xterm or
updates your .bashrc to grab your password the next time you
type su or sudo.

And the common use-case for typing in a root password is to
mount a removable disk when one is physically at the computer,
where control-alt-F2 is accessible.

Sudo has its uses, but the practice of using sudo and no root
password is a convenience (fewer passwords to remember) which
typically weakens security.
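
Added example, not part of the original message: a small audit for the two exposures the message names, same-user tracing of a terminal and shell startup files that redirect su or sudo. The list of startup files, the function names and the sample text are assumptions made for illustration; the Yama sysctl path is the standard Linux one.

```python
import re
from pathlib import Path

# Constructs that make "su"/"sudo" resolve to something other than the system binary.
SHADOW_PATTERNS = [
    ("alias", re.compile(r"^\s*alias\s+(?:--\s+)?(?:su|sudo)=")),
    ("function", re.compile(r"^\s*(?:function\s+(?:su|sudo)\b|(?:su|sudo)\s*\(\s*\))")),
    # A directory placed ahead of $PATH can hold a look-alike binary: review, not a verdict.
    ("path-prepend", re.compile(r"^\s*(?:export\s+)?PATH=[\"']?(?!\$PATH|\$\{PATH\})[^:\"']+:")),
]
RC_FILES = (".bashrc", ".bash_profile", ".bash_aliases", ".profile")  # assumed set
YAMA = Path("/proc/sys/kernel/yama/ptrace_scope")

def find_shadowing(rc_text):
    """Return (line_number, kind) for each line that could redirect su/sudo."""
    hits = []
    for number, line in enumerate(rc_text.splitlines(), start=1):
        for kind, pattern in SHADOW_PATTERNS:
            if pattern.search(line):
                hits.append((number, kind))
                break
    return hits

def ptrace_same_user_allowed(scope_text):
    """True when one process may trace an unrelated process of the same user.
    Yama value 0 permits it; 1 and above limit tracing to descendants or less.
    A missing file (None) means Yama is not active, so classic rules apply."""
    return scope_text is None or scope_text.strip() == "0"

# Constructed sample startup file, used only to show the output format.
SAMPLE_RC = """\
# constructed sample
alias ll='ls -l'
alias sudo='/home/user/.cache/.s/sudo'
su() { /tmp/x "$@"; }
export PATH="$HOME/.local/bin:$PATH"
export PATH="$PATH:/opt/tools/bin"
"""

if __name__ == "__main__":
    scope = YAMA.read_text() if YAMA.exists() else None
    print("same-user ptrace allowed:", ptrace_same_user_allowed(scope))
    print("sample findings:", find_shadowing(SAMPLE_RC))
    for name in RC_FILES:
        path = Path.home() / name
        if path.is_file():
            for number, kind in find_shadowing(path.read_text(errors="replace")):
                print(f"{path}:{number}: {kind}")
```

A path-prepend finding is common in legitimate setups; what matters is whether the prepended directory is writable by the user and contains a file named su or sudo.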