=>> Everytime I login as 'root' on a Linux PC (Slackware 2.2,
=>> kernel 1.2.13, shared libs 4.6.27), I have to enter a password
=>> via the net - this is not acceptable!
=>Let me see if I have this right. Its better to be able to log in as root
=>without using a password than it is to send the password out over then
=>network? I really don't think that's a great idea. [ ... ]
=I do not understand your remark. You can not pretend to be what you are not.
In the above case, one certainly can.
=The question implies that you are root AND root of a specific machine, that
=is allowed to connect as root on another machine. Obviously, the characteristics
=of that machine is known. I do not believe it is possible to simulate the
=allowed machine ( IP address and the rest ) without it being immediately detected.
You are incorrect. This is called "spoofing" and is a serious problem.
I would never allow a network I was responsible for to permit a root
priviledge login without the entry of a password unless the network was
completely physically secure (and even then I'd worry about it). With
currently available software, it's possible to change the hardware address
associated with a computer. Altering the configuration to use a different
IP address is trivial. Attach a rogue system to a network, trap the
hardware address of the system you want to spoof, configure the rogue
to match, and you're in as root on the target system in seconds.
And this type of thing can go on for quite a while undetected. It only
takes a minute to set up a suid shell, then break the spoofed connection
and go to work on the target, doing whatever infantile damage the
=Any idea around... ?
Just take the root passwords off your systems. That way, you'll be able
to save those few seconds when you log in. You can remember them when
you spend hours cleaning up the mess.
If Linux doesn't allow what you're trying to do, I consider that to be
a mark in Linuxs' favor.
The Chairman of the Board and the CFO speak for SCI. I'm neither.
"Quit while you're ahead. All the best gamblers do." Baltasar Gracian