new | ask | show | jobs
charcircuit 4 hours ago  [ - ]

Breaching the daemon only allows for the attacker to get access to the login. User accounts should still be secured requiring authentication.

>If this was so easy to deal with, someone would have done it.

Sadly this is not the case. There is a lot of inertia towards solutions like ssh or sudo. It may be easy to delete them, but actually getting such a changed accepted is no trivial task.

esseph 3 hours ago  [ - ]

> Breaching the daemon only allows for the attacker to get access to the login

Yes, but potentially any login. See the problem? If you compromise the gatekeeper, you are now the keymaster. Or whatever :)

charcircuit 2 hours ago  [ - ]

I'll admit it is still problematic. But at least there is only 1 gatekeeper instead of 2.

jmb99 42 minutes ago  [ - ]

How is that better?