[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: A Topic that needs to be discussed on next the QA meeting..

From: Michal Jaegermann <michal harddata com>
To: For testers of Fedora Core development releases <fedora-test-list redhat com>
Subject: Re: A Topic that needs to be discussed on next the QA meeting..
Date: Tue, 18 Mar 2008 09:56:34 -0600

On Tue, Mar 18, 2008 at 04:34:32AM -0700, Andrew Farris wrote:
> Alan Cox wrote:
> >
> >Root isn't the high risk. User accounts and sshd bugs are the high risk.
> 
> Well I understand why those are a high risk, but with root at least the 
> attacker knows the username, normal usernames is a double blind brute force 
> right?

It is enough on a creation of the first user account to drop
"PermitRootLogin without-password" into sshd_config, restart
sshd and root immediately ceases to be "high risk".  Other
risks remain but I am not sure if sshd is that prominent on that
list.

   Michal

References:
- A Topic that needs to be discussed on next the QA meeting..
  - From: Johann B. Gudmundsson
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Jon Stanley
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Johann B. Gudmundsson
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Andrew Farris
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Tomas Mraz
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Andrew Farris
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Alan Cox
- Re: A Topic that needs to be discussed on next the QA meeting..
  - From: Andrew Farris

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]