[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE

Jim Popovitch jimpop at yahoo.com
Thu May 19 16:10:51 EDT 2005


On Thu, 2005-05-19 at 15:09 -0400, Michael B. Trausch wrote:
> Jim Popovitch wrote:
> > 
> > No.  Malware is spread via non-root means every second. i.e. SPAM,
> > phishing scams, viruses.  None of those require "root".
> > 
> 
> When did phishing scams and spam become malware?  I think that you're
> attempting to move the line in the sand.  Malware is malicious software,
> and spam and phishing scams, by definition are not.  However, they can
> distribute software which replicates itself, and its mass replication
> would be greatly limited in a world where the replicatory and hiding
> means that are currently used would be harder to implement, because
> they'd not be able to hide so easily.

You are making my case.... user-based apps spread malware.

> Viruses, in effect, do require root, save the very annoying ones that
> merely attack data, which aren't that frequent. Viruses attack hard
> disk structures, file system structures, operating system structures --
> all of which are protected on a UNIX or Linux system that isn't running
> as root.  Or did you ignore that, too?

No, you are still making my case.  User-based apps spread malware.  Your
sole point about if the user is root the malware has immediate access
to wipe the hard drive is meaningless because the valuable data is already
in the user's home dir and can be destroyed by the malware without
needing root access.

> Another thing is that it's harder to mass-send e-mails on a system that
> is appropriately locked down and isn't being run as root.

Wrong.

> The issue there is that you can have quotas on CPU time, process counts,
> filesystem usage, for a regular user, but you can't with root users
> unless the limitation comes from the kernel, similar to what Microsoft
> did with Windows.  They managed to get the kernel to throttle TCP
> connections hoping that would help cut down on the virus/worm spread
> that they've persistently dealt with over the past couple of years in
> one of their "security updates".

You are talking shared servers, not Desktops/laptops.  :rolleyes:

-Jim P.




