On Tue, 07 Mar 2000, Sander van Vugt wrote:
I'm sorry to be a pain-in-the-ass, but if I understand it correctly, the only downside of being logged in as root is that I might be sleepy and do something stupid to myself. I still don't see the security risk in relation to potential hackers, like there was, for example, in Netware 3.11.

Okay, for instance: there are known bugs in ircii-based IRC clients (ircii, epic, BitchX, others) that would allow a foreign host to gain root access to your system when said client is attached to an IRC server as root. ircii's greatest strength is its highly scriptable architecture, and it used to be as simple as a Tcl or Perl script that would allow your nemesis access to your own box. Don't IRC as root.

Numerous applications have similar security holes that simply haven't been found yet. Consider for a moment all of the bugs that old FTP servers and old Sendmails had; part of the problem was the fact that they were running the daemon as root, instead of a privileged user. An assailant writes a bit of C to attach to the FTP daemon, causes a buffer overrun (the most common type of attacks these days), the daemon/application dies unexpectedly, and *!voila!* Root shell.

Read some Usenet one of these days; it'll be an eye-opening experience. As a matter of fact, SuSE hosts an excellent (if slow) security-related list. That makes for good reading, too ;).

--
-=|JP|=-
Jon Pennington         | Atipa Linux Solutions    -o)
jpennington@atipa.com  | Kansas City, MO          /\\
816-241-2641 x121      | http://www.atipa.com    _\_V
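
A quick way to check a host for the situation described in the reply above, as an added example that is not part of the original message: it scans `ps -eo user,uid,pid,args` output for the kinds of programs named in the thread (IRC clients, FTP daemons, sendmail) running with UID 0. The sample process list and the watchlist entries are constructed assumptions.

```python
# Added example: flag network-facing programs that run with UID 0.
# WATCHLIST is an assumption built from the program types named in the thread.
WATCHLIST = {"ircii", "irc", "epic", "bitchx",
             "ftpd", "in.ftpd", "wu.ftpd", "sendmail"}

# Constructed sample of `ps -eo user,uid,pid,args` output (not from a real host).
SAMPLE_PS = """\
USER       UID   PID COMMAND
root         0     1 init [3]
root         0   412 sendmail: accepting connections
ftp         40   533 /usr/sbin/in.ftpd -l
root         0   610 /usr/sbin/wu.ftpd -a
jp         500   702 BitchX irc.example.net
root         0   803 /usr/bin/epic -n admin irc.example.net
root         0   911 -bash
"""

def program_name(args):
    """Reduce an argv string to a bare, lower-cased program name."""
    first = args.split()[0]
    # Drop the directory, a "sendmail:"-style status colon, and the
    # leading dash that marks a login shell.
    return first.rsplit("/", 1)[-1].rstrip(":").lstrip("-").lower()

def root_network_programs(ps_text, watchlist=WATCHLIST):
    """Return (pid, name, args) for watchlisted programs running as UID 0."""
    findings = []
    for line in ps_text.splitlines()[1:]:      # skip the header row
        fields = line.split(None, 3)
        if len(fields) < 4:
            continue                           # malformed or truncated row
        user, uid, pid, args = fields
        if not uid.isdigit() or not pid.isdigit():
            continue
        name = program_name(args)
        # UID 0 is what matters, whatever the account happens to be called.
        if int(uid) == 0 and name in watchlist:
            findings.append((int(pid), name, args))
    return findings

if __name__ == "__main__":
    for pid, name, args in root_network_programs(SAMPLE_PS):
        print(f"pid {pid}: {name} runs with UID 0 ({args})")
```

The same client or daemon started under an ordinary account (pids 533 and 702 in the sample) is not reported, because a bug in it would yield only that account's access.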