Tugger the SLUGger!SLUG Mailing List Archives

[SLUG] Re: dependencies


At 12 May 2002 09:35:44 +1000, Ian Nicoll wrote:
> Onto another topic, one of the things I've heard, and agree with, is to
> NEVER log onto the net using superuser.  Fair enough, but while I'm
> doing 'stuff' like trying to install a program, I use su, but log into
> terminal and change to su.
> 
> Question is - am I breaching any security issues?  I'm logged into Gnome
> as the user 'ian' but logged into terminal as the su.  'ian' has logged
> onto the net, but 'su' is there in a terminal.  How risky is this?

i'd say thats a good way to do things.

presumably root is immune from most things "ian" might try to do due
to some evil jpeg image or email virus (hey, buffer overflows happen -
even to mutt and pine)

running "su" in an xterm is probably fine too. if you're paranoid you
should consider enabling the "Secure Keyboard" option in the
Ctrl-MouseButton1 menu from your xterm whenever you type in
passwords. that will stop (or at least make it very difficult) for
other X programs to grab keystrokes from that xterm.

-- 
 - Gus