Mailinglist Archive: opensuse (3394 mails)
| < Previous | Next > |
Re: [SLE] Making yourself have root permissions
- From: warrl@xxxxxxxxx (Warrl)
- Date: Tue, 7 Mar 2000 19:34:19 -0800
- Message-id: <00030719361700.22600@warrl>
On Tue, 07 Mar 2000, Sander van Vugt wrote:
> You're perfectly right when you say that you only have to log in as root to
> do system administration, I totally agree, but the reason I am asking is
> that some people say you make it easy for a cracker to abuse your system
> when you are logged in as root and I have never heard any reasons why
> exactly that is so. Yes, I know you can do some really stupid things to your
> own system when you have to many rights on it, but it simply seems like a
> *myth* that my system is easier to hack when I'm logged in as root, so
> please, if it can be done, give me examples of *how* my system can be hacked
> then.
Many internet clients - Netscape Navigator among them - have security
holes in some versions, such that a malicious person can cause a
command of HIS choosing to run on YOUR system. Some of these he has
to embed in a web page and get you to look at the page; others he can
insert into your system without you referencing his.
The damage from such a command running on your system is likely to be
much less severe if you aren't logged in as root.
>
> As for why I'm asking? I consider Linux a good and secure system (if
> configured the right way), and I really like to know about weak point. Being
> logged in as root which gives more opportunities for the hacker seems a weak
> point to me. Luckily, I didn't hear anyone explain as for now where exactly
> this weak point exists and how a hacker can abuse it.
>
> Sander
>
>
>
> **********************************************************************
> Disclaimer
>
> This email is confidential and intended solely for the use of
> the individual to whom it is addressed. Any views or opinions
> presented are solely those of the author and do not
> necessarily represent those of the Azlan Holdings bv and/or
> subsidiary. If you are not the intended recipient, be advised
> that you have received this email in error and that any use,
> dissemination, forwarding, printing, or copying of this email
> is strictly prohibited.
>
> If you have received this email in error please notify
> Azlan Holdings MIS Helpdesk by telephone on
> +31 (0) 79 3443200.
>
> **********************************************************************
>
> --
> To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
> For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
> Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
| < Previous | Next > |