maemo.org - Talk

qole 2008-05-15 23:25

Re: Debian "Sneak Preview" Release for N800/N810!
 
Quote:

Originally Posted by Benson (Post 182174)
Add this line
Code:

user ALL = NOPASSWD: ALL

at the end, and now the user "user", logged in on any machine, can execute any command without authentication.

Ok, so that's just a bit scary. Is there any way to add specific commands? But, since the command I want to add is "chroot" that really isn't any more secure, except in a security-through-obscurity way...

Benson 2008-05-15 23:35

Re: Debian "Sneak Preview" Release for N800/N810!
 
That was my thought... You can protect it so you can only chroot some particular place. If you had a particular place tighter than, say, an iPhone's chroot jail, that might make sense. If you've got something like this, designed for utility over security, anyone getting chrooted in without rather immediate dropping of permissions owns your system. (And there's a decent chance, without further attention paid, that they still could.)

But if you'd rather, yes you can do something like:
Code:

user ALL = NOPASSWD: /usr/sbin/chroot /opt *

You can also set it to require either root's password or the user's password (the latter is so you don't get baggy-pantsed, and is typical for sudo, especially on a single-user system), if you think that's more appropriate.
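
An audit check for the sudoers rules discussed in the posts above, useful when a rule may already have been added by something else; this is an added example, not code from any poster. The function names, the risk labels and the sample file are assumptions, and labelling a root `chroot` rule "root-equivalent" follows the posters' own reasoning.

```sh
#!/bin/sh
# Added example: label every NOPASSWD rule in a sudoers-format file.
# Limits (assumptions): no alias expansion, no line continuations, and files
# pulled in by include directives must be audited separately.

# audit_sudoers [FILE]: prints "user<TAB>risk<TAB>command"; reads stdin if no FILE.
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }
    /NOPASSWD:/ {
        who = $1
        cmds = $0
        sub(/^.*NOPASSWD:[ \t]*/, "", cmds)      # keep only the command list
        n = split(cmds, item, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            c = item[i]
            sub(/[ \t]+$/, "", c)
            split(c, word, /[ \t]+/)             # word[1] is the binary path
            if (c == "ALL")                 risk = "any-command"
            else if (word[1] ~ /\/chroot$/) risk = "root-equivalent"
            else if (c ~ /[*?]/)            risk = "wildcard-args"
            else                            risk = "pinned"
            printf "%s\t%s\t%s\n", who, risk, c
        }
    }' "${1:--}"
}

# Constructed sample: the two rules quoted in the thread, plus made-up
# reboot/mount rules and a commented-out rule for contrast.
sample_sudoers() {
    cat <<'EOF'
# /etc/sudoers (constructed sample)
Defaults env_reset
root ALL = (ALL) ALL
user ALL = NOPASSWD: ALL
user ALL = NOPASSWD: /usr/sbin/chroot /opt *
user ALL = NOPASSWD: /sbin/reboot, /bin/mount /media/*
# user ALL = NOPASSWD: /bin/sh
EOF
}

sample_sudoers | audit_sudoers
```

To check a real system, run `audit_sudoers /etc/sudoers` as root, since the file is normally not readable by ordinary users.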

qole 2008-05-15 23:47

Re: Debian "Sneak Preview" Release for N800/N810!
 
Thanks for being so helpful, but I'm just being silly since I am using certificates on SSH so anyone can walk up to my N800, open a terminal, and type* "ssh root@localhost" and proceed to do something nasty. So what's one more hole in a block of Swiss cheese?

With a handheld device, the best security is keeping it close.

*slowly peck out with a stylus while hunched over the device

Benson 2008-05-15 23:51

Re: Debian "Sneak Preview" Release for N800/N810!
 
Indeed; my tablet has keys to access my desktop with no password. I consider "from my cold, dead hands" a sufficient security policy for a device of this class.

If you'd rather not have it quite that easy, you could lock that down by generating keys with pass-phrases. But why bother?

ldrn 2008-05-16 00:46

Re: Debian "Sneak Preview" Release for N800/N810!
 
Thanks for that tip! I now have sudo set to ask for the user's password and use passphrases for all my keys... I don't know if I am just too paranoid or a sucker for punishment. :)

I don't have it ask for a password when you log in, though. I am security lax; my password and passphrase are not even all that different. :(

dasickis 2008-05-16 13:43

Re: Debian "Sneak Preview" Release for N800/N810!
 
Yeah, I don't think I could ever do this; I'm way, way too paranoid. Ever since I saw my friend's computer get hacked and left blasting music all day until we came back from school, I don't mess around. Also, I was able to circumvent a lot of security (during my naive days, of course), so I've trained myself to enhance, never decrease, my security policies.

Benson 2008-05-19 16:45

Re: Debian "Sneak Preview" Release for N800/N810!
 
If you run no externally accessible services (or lock them down sufficiently), then console access is required. If it's in your pocket, console access is pretty strictly limited.

(And, with console access and any net connection, an attacker can install gainroot and use it... so it really doesn't matter.)

qole 2008-05-20 01:05

Re: Debian "Sneak Preview" Release for N800/N810!
 
It turns out that something that I installed on my tablet had already done the sudoers thing; when I went to edit it, it was already there. I suspect it was KDE or Personal Menu.

And yes,
Code:

sudo debian hilda openoffice

"works well" in a miata-pulling-fifth-wheeler sort of way. Thanks for the tip.

t3h 2008-05-22 05:26

Re: Debian "Sneak Preview" Release for N800/N810!
 
These files are in the tarball:
Code:

./var/lib/bluetooth/00:19:4F:DA:FA:28/
./var/lib/bluetooth/00:19:4F:DA:FA:28/names
./var/lib/bluetooth/00:19:4F:DA:FA:28/linkkeys
./var/lib/bluetooth/00:19:4F:DA:FA:28/manufacturers
./var/lib/bluetooth/00:19:4F:DA:FA:28/features
./var/lib/bluetooth/00:19:4F:DA:FA:28/lastseen
./var/lib/bluetooth/00:19:4F:DA:FA:28/sdp
./var/lib/bluetooth/00:19:4F:DA:FA:28/config
./var/lib/bluetooth/00:19:4F:DA:FA:28/lastused
./var/lib/bluetooth/00:19:4F:DA:FA:28/audio
./var/lib/bluetooth/00:19:4F:DA:FA:28/classes



All times are GMT.