Michael Hennebry <hennebry@xxxxxxxxxxxxxxxxxxxxx> wrote: > >On Thu, 2 Sep 2010, James Mckenzie wrote: > >> However, this portion of the thread is the first case where I could actually state that this could be a MAJOR security hazard. Let's expand this: >> >> 1. An account with a weak password gets compromised. >> 2. This account has a file added (either FTP/SFTP upload or a malicious script is written). >> 3. The ownership of this file is changed to a user with elevated privileges, but not root. > >This could be prevented by requiring notquiteroot's password. This is a very good policy and idea. >As an additonal layer, it might be good to require notquiteroot >to make prior arrangements. Yes. See this is why it became difficult to hand off files from one user to another user, even if they are nonquite root. Of course, root can and should be able to do these things, but root's password should be strong (>256 bit, non-dictionary) and so should the passwords of all other users on the system, but without the 256 bit (128 or higher should be sufficient). File handoffs should be coordinated and, if directed by policy, recorded. This is one of the reasons I like Linux. James McKenzie -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
