From Whonix

< Dev
  • There is nothing wrong with Debian's default /etc/securetty file as long as using a secure root password.
  • A compromised user account user user could be infected with a keylogger which could read the sudo password and thereby acquire root access.
  • A secure password for user user and root leads to compromised non-root users (such as user sdwdate in case sdwdate gets exploited) to requiring a local privileged escalation exploit in order to acquire root compromise. Root password bruteforcing is not possible.
  • Only one user account with password and no root account login supported by default also means the user has only to remember and secure one rather than two strong passwords.
  • Any graphical application can see what any user is typing in any other graphical application for any user. [1]
  • user documentation: Root

Forum discussions:


When login in tty1 as root, not counting as failed login attempt fortunately for our pam_tally2 implementation in security-misc.


  1. Quote Joanna Rutkowska, security researcher, founder and advisor (formerly architecture, security, and development) of Qubes OS:

    One application can sniff or inject keystrokes to another one, can take snapshots of the screen occupied by windows belonging to another one, etc.

No user support in comments. See Support. Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.

Add your comment
Whonix welcomes all comments. If you do not want to be anonymous, register or log in. It is free.

Random News:

We are looking for help in managing our social media accounts. Are you interested?

https | (forcing) onion

Follow: Twitter | Facebook | | Stay Tuned | Whonix News

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.