[ale] Linux Distributions

Jim Popovitch jimpop at yahoo.com
Wed May 18 03:15:55 EDT 2005


On Tue, 2005-05-17 at 23:45 -0400, James Sumners wrote:
> Sucked back in. *curses under breath*
> 
> You just outlined the danger:
> 1. The machine is used on several networks. At least one of which is
> an uncontrolled network with strangers listening in.
> 2. Passwords are being used quite frequently for every function of
> said machine. (Woe unto you for using telnet.)
> 3. THE MACHINE IS BEING RUN AS ROOT.
> 
> In such a scenario the machine can be compromised and passwords to
> other hosts stolen. These other hosts can then be compromised and used
> to launch other attacks such as DoSes

This yet again shows how one person's perception is not always another's
reality.  I do use email/telnet/passwords/etc but how do you know I use
them insecurely?  I use telnet all the time, either on controlled
networks or over a VPN.  In either case it is normal and acceptable to
use telnet; in some of these arenas it may even be prohibited to use ssh
due to corp/govt policies.  Your assumption that I would telnet into a
trusted host across a public network is just plain insulting.  Woe to
you for having so narrow a perception about how I use tools/apps.  ;-)

> Meanwhile, another user with the same setup but running as an
> unprivileged user has made it one step harder for the complete system
> to be compromised. Chances are better that a keylogger or a module to
> intercept data before it is encrypted is harder to install.

That is just not true.  If you as a user can run applications that
interpret keystrokes, so can some viral keylogger.  There is nothing
root or non-root specific about it.  

>  Is it impossible? No. Is it at least a little bit harder? Yes.

How is it a bit harder?  An extra step?  Security through obscurity... 

> Which machine
> do you think the attacker would focus on? (Assuming he has already
> been able to determine what the user's privilege level is.)

This part of your argument is lost due to not being convincing that an
attacker could get this far.  If the attacker could get this far
(captured keystrokes/passwords) then they have what they need, and all
that can be done without the user even running as root.

> Now, let's turn the question around. Can you tell me why a user that
> only needs to read email, surf the web, and ssh/*shudder*telnet into
> other systems needs to run as a super user or be in the super user
> group? Dare I say that there isn't a single valid reason? I think that
> I do.

   burn dvds
   use /dev/ttySO
   mount additional tmp space
   add users (a friend might need temp access)
   config iptables/network/tunnels
   load/unload usb/vmware/vpn modules    
   bring up a VPN

All of the above CAN be done by a user through a 1000 hoops and loops,
but in my opinion the risk is greater in the 1000 config/sudo/setuid
changes than to just know what you are doing and run as root.  YMMV.
   
-Jim P.


