[ale] Linux Distributions

James Sumners james.sumners at gmail.com
Wed May 18 00:30:02 EDT 2005


Sucked back in. *curses under breath*

You just outlined the danger:
1. The machine is used on several networks. At least one of which is
an uncontrolled network with strangers listening in.
2. Passwords are being used quite frequently for every function of
said machine. (Woe unto you for using telnet.)
3. THE MACHINE IS BEING RUN AS ROOT.

In such a scenario the machine can be compromised and passwords to
other hosts stolen. These other hosts can then be compromised and used
to launch other attacks such as DoSes

Meanwhile, another user with the same setup but running as an
unprivileged user has made it one step harder for the complete system
to be compromised. Chances are better that a keylogger or a module to
intercept data before it is encrypted is harder to install. Is it
impossible? No. Is it at least a little bit harder? Yes. Which machine
do you think the attacker would focus on? (Assuming he has already
been able to determine what the users privilege level is.)

Now, let's turn the question around. Can you tell me why a user that
only needs to read email, surf the web, and ssh/*shudder*telnet into
other systems needs to run as a super user or be in the super user
group? Dare I say that there isn't a single valid reason? I think that
I do.

On 5/17/05, Jim Popovitch <jimpop at yahoo.com> wrote:
> On Tue, 2005-05-17 at 22:14 -0400, George Carless wrote:
> >
> > Honestly, this is so elementary that I'm really starting to
> > think that you people are simply stupid. ;D
> 
> ;-)
> 
> Seriously though, if it is so elementary you should be able to explain
> it in irrefutable detail.
> 
> Assuming that I am the only user, the PC is a laptop, and is used on
> various networks (dial, hotspot, wired), and only to read email, surf
> the web, and ssh/telnet into other systems.
> 
> Where is the vulnerability/risk/danger?
> 
> (remember, you said it was elementary ;-)
> 
> -Jim P.
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
> 


-- 
James Sumners
http://james.roomfullofmirrors.com/

"All governments suffer a recurring problem: Power attracts
pathological personalities. It is not that power corrupts but that it
is magnetic to the corruptible. Such people have a tendency to become
drunk on violence, a condition to which they are quickly addicted."

Missionaria Protectiva, Text QIV (decto)
CH:D 59



More information about the Ale mailing list