I take the opposite view. An unauthorized user being able to log into a system as a nonprivileged user is a small deal. Being able to escalate to a privileged user is a big deal.
That's because there are all kinds of legitimate reasons for having a system that untrusted people can log into as an unprivileged user. We should not therefore squander our attention on stopping people from logging in, but rather allocate it to stopping privilege escalations.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds