SLUG Mailing List Archives
[SLUG] Re: dependencies
- To: Ian Nicoll <kagemusha@xxxxxxxxxxx>
- Subject: [SLUG] Re: dependencies
- From: Angus Lees <gus@xxxxxxxxxxx>
- Date: Mon May 13 21:54:10 2002
- Cc: slug <slug@xxxxxxxxxxx>
- User-agent: Wanderlust/2.9.9 (Unchained Melody) XEmacs/21.4 (Common Lisp)
At 12 May 2002 09:35:44 +1000, Ian Nicoll wrote:
> Onto another topic, one of the things I've heard, and agree with, is to
> NEVER log onto the net using superuser. Fair enough, but while I'm
> doing 'stuff' like trying to install a program, I use su, but log into
> terminal and change to su.
> Question is - am I breaching any security issues? I'm logged into Gnome
> as the user 'ian' but logged into terminal as the su. 'ian' has logged
> onto the net, but 'su' is there in a terminal. How risky is this?
i'd say thats a good way to do things.
presumably root is immune from most things "ian" might try to do due
to some evil jpeg image or email virus (hey, buffer overflows happen -
even to mutt and pine)
running "su" in an xterm is probably fine too. if you're paranoid you
should consider enabling the "Secure Keyboard" option in the
Ctrl-MouseButton1 menu from your xterm whenever you type in
passwords. that will stop (or at least make it very difficult) for
other X programs to grab keystrokes from that xterm.