Re: [SLE] Making yourself have root permissions
- From: sander.van.vugt@xxxxxxxx (Sander van Vugt)
- Date: Tue, 7 Mar 2000 17:00:40 +0100
- Message-id: <013901bf884e$50c249c0$65bfa8c0@xxxxxxxx>
Thanks a lot, now I don't only know that, but I also know why.
----- Original Message -----
From: "Jon Pennington" <jpennington@xxxxxxxxx>
To: "Sander van Vugt" <sander.van.vugt@xxxxxxxx>; <dsoper@xxxxxxx>;
<suse-linux-e@xxxxxxxx>
Sent: Tuesday, March 07, 2000 4:50 PM
Subject: Re: [SLE] Making yourself have root permissions
> On Tue, 07 Mar 2000, Sander van Vugt wrote:
> > I'm sorry to be a pain-in-the-ass, but if I understand it correctly, the
> > only downside of being logged in as root, is that I might be sleepy and do
> > something stupid to myself. I still don't see the security risk in relation
> > to potential hackers, like there was, for example in Netware 3.11.
>
> Okay, for instance; there are known bugs in ircii-based IRC clients (ircii,
> epic, BitchX, others) that would allow a foreign host to gain root access to
> your system when said client is attached to an IRC server as root. ircii's
> greatest strength is its highly scriptable architecture, and it used to be as
> simple as a Tcl or PERL script that would allow your nemesis access to your
> own box. Don't IRC as root.
>
> Numerous applications have similar security holes that simply haven't
> been found yet. Consider for a moment all of the bugs that old FTP servers and
> old Sendmails had; part of the problem was the fact that they were running the
> daemon as root, instead of a privileged user. An assailant writes a bit of C
> to attach to the FTP daemon, causes a buffer overrun (the most common type of
> attacks these days), the daemon/application dies unexpectedly, and *!voilà!*
> Root shell. Read some Usenet one of these days; it'll be an eye-opening
> experience. As a matter of fact, SuSE hosts an excellent (if slow) Security
> related list. That makes for good reading, too ;).
>
> --
> -=|JP|=-
> Jon Pennington | Atipa Linux Solutions -o)
> jpennington@xxxxxxxxx | Kansas City, MO /\\
> 816-241-2641 x121 | http://www.atipa.com _\_V
>