Security Changes For Fedora 9
riley.marquis at tcsresearch.org
riley.marquis at tcsresearch.org
Sat Jan 5 01:55:49 UTC 2008
It appears as if I have fallen behind the times in terms of Linux security.
I apologize for not keeping up. =)
I'd like to take a moment to ask a few questions so that I can better
understand the reasoning behind certain changes being a bad idea, and thus
become more knowledgeable.
2: /etc/ssh/sshd_config change
In regards to changing PermitRootLogin to no, we'd obviously need a
regular user account to login to, then su to root. Thus, even one who has
the root account and password would need a regular user name and password
before the root account would do him any good. However, perhaps there is
a downside to this as well? Or perhaps we don't change any defaults from
upstream OpenSSH unless absolutely necessary? I'm sure there are those
who want to login as root, and those who don't. Just curious about the
reasoning...
In regards to the GCC lockdowns, it was my understanding that sometimes
hackers use our own compilers against us by logging in as a normal user,
using gcc to build their hacktools, and then using the built tools to
compromise root. Is this something that is no longer done? Just curious.
Thanks in advance!
Riley
More information about the Fedora-security-list
mailing list