
Re: [cobalt-security] Securing Admin Pages



----- Original Message -----
From: "Gerald Waugh" <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>

> <snip>
> >
> > I think you'd still have a security hole.  While I prefer separate
> > passwords for admin and root, there's no easy way to do that
> > on the RaQ.


> How difficult is it to ssh into the RaQ and issue
> su -
> prompt password: enter admin/root password
> passwd root
> prompt for password: enter new root password
> prompt for password: enter new root password
> You now have different passwords for admin - root
> <snip>--

*IF* a hakker has the root password, yer box is owned.  If they get the admin
password, they go to the GUI and change the admin password which changes the
root pass to match and you're still screwed.  I'm still looking for the benefit
of having separate passwords on the RaQ?  I assumed this is why Jeff said 'no
easy way' to do this on a RaQ?

Max

a.k.a Dave~ who changed his sig. since there seems to be many Daves here...