On Thu, 2 Sep 2010, James Mckenzie wrote:
However, this portion of the thread is the first case where I could
actually state that this could be a MAJOR security hazard. Let's expand this:
1. An account with a weak password gets compromised.
2. This account has a file added (either FTP/SFTP upload or a malicious script is
written).
3. The ownership of this file is changed to a user with elevated privileges, but not
root.
This could be prevented by requiring notquiteroot's password.
As an additional layer, it might be good to require notquiteroot
to make prior arrangements.
It is rather interesting, but if this is prevented, then the file
remains just a space waster...
This is one of the functions of a good security system.
--
Michael hennebry(a)web.cs.ndsu.NoDak.edu
"Pessimist: The glass is half empty.
Optimist: The glass is half full.
Engineer: The glass is twice as big as it needs to be."