:: Re: [DNG] New behaviour under Devua…
Góra strony
Delete this message
Reply to this message
Autor: Alessandro Selli
Data:  
Dla: dng
Temat: Re: [DNG] New behaviour under Devuan.
On Fri, 22 Sep 2017 at 19:56:27 -0400
Hendrik Boom <hendrik@???> wrote:

> On Fri, Sep 22, 2017 at 06:27:59AM +0100, KatolaZ wrote:
>> On Thu, Sep 21, 2017 at 09:41:08PM +0100, Dave Turner wrote:
>>
>> [cut]
>>
>>> The bottle of wine isn't quite finished yet, but I am not trying to
>>> force anyone to stop using 'su'.
>>>
>>> It IS a really bad idea though, rummage the interweb, somewhere in
>>> there is a really good write up on why su is bad and sudo is good.
>
> The problem with su is that you may forget you are superuser and start
> doing dangerous things,
>
> That's it.


There's more to that.
One of the major dangers is that typing passwords is itself dangerous,
expecially in the many environments where webcams and microphones are
abundant. Both seeing a person type a prassword and recording the sounds
the keyboard produces can easily lead an attacker to reconstruct the password
that was typed.

[...]

> Can we agree there's a valid use for su?


A few of the times, never when not in a controlled, safe environment.

> And that is isn't for everyone?


Indeed.


Regards,


Alessandro