Skribent: Alessandro Selli Dato: Til: dng Emne: Re: [DNG] New behaviour under Devuan.
On Fri, 22 Sep 2017 at 19:56:27 -0400
Hendrik Boom <hendrik@???> wrote:
> On Fri, Sep 22, 2017 at 06:27:59AM +0100, KatolaZ wrote:
>> On Thu, Sep 21, 2017 at 09:41:08PM +0100, Dave Turner wrote:
>>
>> [cut]
>>
>>> The bottle of wine isn't quite finished yet, but I am not trying to
>>> force anyone to stop using 'su'.
>>>
>>> It IS a really bad idea though, rummage the interweb, somewhere in
>>> there is a really good write up on why su is bad and sudo is good.
>
> The problem with su is that you may forget you are superuser and start
> doing dangerous things,
>
> That's it.
There's more to that.
One of the major dangers is that typing passwords is itself dangerous,
expecially in the many environments where webcams and microphones are
abundant. Both seeing a person type a prassword and recording the sounds
the keyboard produces can easily lead an attacker to reconstruct the password
that was typed.
[...]
> Can we agree there's a valid use for su?
A few of the times, never when not in a controlled, safe environment.
> And that is isn't for everyone?